Who's looking at your screen and how can you stop them? [Q&A]
We can all remember seeing kids at school hunched over their desks to prevent anyone seeing what they were writing on their test papers. But when it comes to hiding sensitive information on your screen, things aren’t that easy.
How big a problem is eavesdropping in this way and what can be done to guard against it? To find out, we spoke to Dr Bill Anderson, Chief Product Officer of technology company OptioLabs, which has just announced a collaboration with AMD to help solve the issue.
BN: How big a problem is visual eavesdropping?
BA: The reality of today's world is that data is constantly being exposed on mobile devices. Using laptops, tablets and phones in places like coffee shops, airports, hospitals, or even inside company offices, puts information at risk to visual eavesdroppers, often without a user’s knowledge. A surprising 42 percent of all data breaches are caused by the simple observation of a computer screen -- according to studies by the Secret Service, Verizon Business and CERT at Carnegie Mellon -- but when you consider the fact that 89 percent of people admit to reading over someone else's shoulder (OptioLabs Mobile Worker Privacy Survey, 2013), it is evident just how frequently this type of data loss can occur.
BN: What types of data are most at risk from this issue?
BA: The same OptioLabs survey also shows that 83 percent of mobile workers admit to using computers in public with confidential data displayed. All data is at risk from this issue, but sensitive data, such as corporate IP, personal and corporate financial information, health records, credit card information, and social security numbers are especially at risk because they are regularly exposed inside and outside of the workplace. In fact, the 2014 US State of Cybercrime survey shows insiders made up the highest percentage of cases where data was compromised or stolen in 2014; 76 percent of the data lost were confidential records, 71 percent were customer records, and 63 percent were employee records.
BN: How effective are aftermarket solutions like filters and hoods?
BA: Screen filters and hoods can certainly prevent someone beside you from viewing your screen, but consider this: if someone is standing directly behind you, not only will they be able to see your screen just as clearly as you, but you will not know that they are looking over your shoulder. Filters and hoods are ineffective because they do not protect information from visual eavesdroppers and they do not warn a user when their information may have been compromised.
Filters also introduce distortion, reduce screen brightness, and make it difficult for a colleague collaborating next to you to read your screen. This affects both consumers and enterprises, but enterprises face the additional issue of needing to comply with privacy regulations. When enterprise users remove their filters due to inconvenience, it takes enterprises out of compliance and puts them at risk of failing an audit.
BN: How is OptioLabs working to solve the problem?
BA: The security industry has focused on driving protection efforts toward the network and device layer, without much consideration for the most outward facing risk -- the last 2 feet from the computer to the user. OptioLabs PrivateEye Enterprise provides a layer of protection to address this vulnerability by protecting against data loss due to direct observation of the computer screen. The product provides organizations with a data security and compliance tool to prevent, monitor and respond to incidents they would otherwise miss. PrivateEye Enterprise protects against data leakage in real-time and provides actionable intelligence to monitor threat patterns.
BN: How does the technology work?
BA: OptioLabs' PrivateEye Enterprise uses facial recognition to unlock an authorized user's screen automatically, and continuously validates the user to ensure ongoing protection. Attention sensing technology in PrivateEye automatically protects the screen by blurring it whenever the user looks away or leaves their computer, and instantly clears it when they look back or return. The software continuously scans the scene around and behind a user to identify additional faces looking at the user's display, and if an eavesdropper is detected, PrivateEye alerts the user. The solution can also be set to automatically protect the screen when this occurs. Further, if an intruder attempts to log in while the user is away, a picture will be captured. Security alerts are also logged and can be sent to a 3rd party SIEM tool to incorporate into broader incident analysis.