Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Snooping Represents A Growing Data Breach Threat

Few organizations are addressing the risk caused by outsiders looking at company information on mobile workers' screens, finds a study by 3M.

Who's reading over your shoulder? With more employees now working in public places, for a break from the office or while on the go, 57% said they've had to stop their work because of privacy concerns, and 70% think they'd be more productive if no one else could view what they're working on.

Those findings come from a survey of 800 computer-using professionals, conducted by Luth Research and commissioned by 3M, which manufactures physical privacy filters for PCs and mobile devices.

But is the risk of so-called "visual data breaches" real? Well, snooping is certainly a threat, according to Hugh Thompson, chief security strategist of People Security. "Information revealed on mobile devices outside the workplace now creates a window into a corporation's most confidential data -- whether it is regulated or simply company secrets -- and significantly raises the threat level of visual data breaches."

According to market researcher IDC, 72% of the U.S. workforce is mobile in some capacity, and it expects to see 75% of the workforce mobile by 2013. Meanwhile, according to the 3M survey, half of employees now work outside the office in a high-traffic public area at least one hour per week.

Of course, when on the go, getting things done often requires working with sensitive information. Indeed, according to the survey, 67% of employees work with sensitive information outside of the office, including corporate financial data (said 42% of respondents), customers' credit card numbers (26%), customers' social security numbers (24%), and patients' medical information (15%).

But the study found that 70% of organizations have no security policies relating to working in public places, and 79% have no policy relating to the use of privacy filters.

From a security standpoint, visual privacy still ranks relatively low on the IT radar. According to survey respondents, their organization's current data security practices include virtual private network (VPN) access (46%), disk encryption software (38%), and two-factor authentication (19%). Only 13% of organizations, however, currently use privacy filters.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing Writer,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4245
PUBLISHED: 2019-12-11
Orca has arbitrary code execution due to insecure Python module load
CVE-2013-4593
PUBLISHED: 2019-12-11
RubyGem omniauth-facebook has an access token security vulnerability
CVE-2013-6495
PUBLISHED: 2019-12-11
JBossWeb Bayeux has reflected XSS
CVE-2013-7370
PUBLISHED: 2019-12-11
node-connect before 2.8.2 has cross site scripting in methodOverride Middleware
CVE-2019-18935
PUBLISHED: 2019-12-11
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote cod...