Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:30 AM
Mari Frank
Mari Frank
Connect Directly
E-Mail vvv

A Hidden Insider Threat: Visual Hackers

Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts.

When we think of hackers breaching systems and stealing information from where we work, we don’t usually suspect the people we work with as the guilty parties.

But insider threats are in fact a very real and growing challenge. SANS Institute surveyed nearly 800 IT and security professionals across multiple industries and found that 74 percent of respondents were concerned about negligent or malicious employees who might be insider threats, while 34 percent said they have experienced an insider incident or attack.

One potential method of attack is visual hacking, which is defined as obtaining or capturing sensitive information for unauthorized use. Examples of visual hacking include taking photos of documents left on a printer or information displayed on a screen, or simply writing down employee log-in information that is taped to a computer monitor. The visual hackers themselves could be anyone within an organization’s walls, including employees, contractors or service vendors, such as cleaning and maintenance crews, and even visitors.

In the Visual Hacking Experiment, a study conducted by Ponemon Institute and jointly sponsored by 3M Company and the Visual Privacy Advisory Council, white-hat hackers posing as temporary or part-time workers were sent into the offices of eight U.S.-based, participating companies.

The hackers were able to visually hack sensitive and confidential information from exposed documents and computer screens. They were able to visually hack information such as employee access and login credentials, accounting information and customer information in 88 percent of attempts and were not stopped in 70 percent of incidents.

Assess and Adapt

The best place to begin clamping down on visual privacy threats, no matter what industry you work in, is to perform a visual privacy audit. This will help you assess your key-risk areas and evaluate existing security measures that are in place.

Some questions to consider when conducting a visual privacy audit include:

  • Does your organization have a visual privacy policy?
  • Are shredders located near copiers, printers and desks where confidential documents are regularly handled?
  • Are computer screens angled away from high-traffic areas and windows, and fitted with privacy filters?
  • Do employees keep log-in and password information posted at their workstations or elsewhere?
  • Are employees leaving computer screens on or documents out in the open when not at their desks?
  • Do employees know to be mindful of who is on the premises and what they are accessing, photographing or viewing?
  • Are there reporting mechanisms for suspicious activities?

In addition to identifying areas where visual privacy security falls short, a privacy audit can help managers to make changes or additions needed to your organization’s policies and training.

Policies should outline the do’s and don’ts of information viewing and use for employees and contractors both in the workplace and when working remotely. Additionally, visual privacy, visual hacking and insider threat awareness should be made an integral part of security training, and reinforced through refresher training and employee communications.

Standard best practices

The specific measures you take to defend against visual hacking from insider threats will be unique to your organization or industry. For example, health care organizations are mandated under HIPAA to use administrative, physical, and technical safeguards to ensure the privacy and security of PHI in all forms, including paper and electronic form. But all organizations have the duty to protect customer and employee information, the organization’s intellectual property, confidences, and privacy interests. Standard best practices that apply to nearly every organization include:

  • A “clean desk” policy requiring employees to turn off device screens and remove all papers from their desks before leaving each night.
  • Requirements for masking high-risk data applications to onlookers using strategies from most secure to least secure.
  • Make shredders standard issue to all on-site units, especially nearby copiers, printers, faxes and a prerequisite for all who qualify to telework or qualify to use secure remote network access to corporate information assets.
  • Install privacy filters on all computers and electronic devices, both in the office and while working remotely, where sensitive data is extremely vulnerable. Privacy filters blacken out the angled view of onlookers while providing an undisturbed viewing experience for the user, and can be fitted to the screens of desktop monitors, laptops and mobile devices.

The growing problem of insider threats shouldn’t instill fear and suspicion in workers about the people they see and talk to every day while on the job. However, workers should understand that the threat is real and that they play an important role in helping protect their company’s sensitive data – and that of their customers – against this increasingly prevalent problem.



Mari Frank, an attorney and certified privacy expert, is the author of the "Identity Theft Survival Kit," "Safe Guard Your Identity," "From Victim to Victor," and "The Guide to Recovering from Identify Theft." Since 2005 she's been the radio host of "Privacy Piracy" a weekly ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
12/24/2015 | 11:06:38 AM
Good advice
Privacy screens and all that are very important, but if I ever see someone with a post-it note of their login password (or heaven forbid, for their password manager) tacked to their monitor again, I'll pull my hair out. 

It's one of the worst security gaffs and so many people do it. It's a great indicator that we need to move beyond passwords as soon as possible.
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-18
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.