Snooping Represents A Growing Data Breach Threat

Few organizations are addressing the risk caused by outsiders looking at company information on mobile workers' screens, finds a study by 3M.
Who's reading over your shoulder? With more employees now working in public places, for a break from the office or while on the go, 57% said they've had to stop their work because of privacy concerns, and 70% think they'd be more productive if no one else could view what they're working on.

Those findings come from a survey of 800 computer-using professionals, conducted by Luth Research and commissioned by 3M, which manufactures physical privacy filters for PCs and mobile devices.

But is the risk of so-called "visual data breaches" real? Well, snooping is certainly a threat, according to Hugh Thompson, chief security strategist of People Security. "Information revealed on mobile devices outside the workplace now creates a window into a corporation's most confidential data -- whether it is regulated or simply company secrets -- and significantly raises the threat level of visual data breaches."

According to market researcher IDC, 72% of the U.S. workforce is mobile in some capacity, and it expects to see 75% of the workforce mobile by 2013. Meanwhile, according to the 3M survey, half of employees now work outside the office in a high-traffic public area at least one hour per week.

Of course, when on the go, getting things done often requires working with sensitive information. Indeed, according to the survey, 67% of employees work with sensitive information outside of the office, including corporate financial data (said 42% of respondents), customers' credit card numbers (26%), customers' social security numbers (24%), and patients' medical information (15%).

But the study found that 70% of organizations have no security policies relating to working in public places, and 79% have no policy relating to the use of privacy filters.

From a security standpoint, visual privacy still ranks relatively low on the IT radar. According to survey respondents, their organization's current data security practices include virtual private network (VPN) access (46%), disk encryption software (38%), and two-factor authentication (19%). Only 13% of organizations, however, currently use privacy filters.

Editors' Choice
Tara Seals, Managing Editor, News, Dark Reading
Jim Broome, President & CTO, DirectDefense
Nate Nelson, Contributing Writer, Dark Reading