Privacy Screens: The Simple Way to Protect Assets and Improve Productivity
Erik Willey
10.08.2014
Purposeful and inadvertent viewing of confidential and valuable onscreen information in the workplace is nothing new. However, the risk of harmful visual hacking is increasing, fueled by the prevalence of smartphones with high-resolution cameras. Developing and enforcing visual privacy protocols that incorporate the use of privacy screens is an easy, effective way to thwart would-be thieves of onscreen data.
Introduction
IT security requirements have become more complex than ever, as technological advances drive the need for security protocols covering things like cloud computing, virtualization and mobile endpoints, along with identity and access management, network security, and other standard security tasks. Among the many areas of concern, data loss prevention (DLP) is a growing priority, with the market for content-aware DLP software designed to monitor and protect confidential data forecast to increase by 28.6% in 2014.[1] Despite an intense focus on data protection fueled by recent high-profile leaks and hacks at major corporations, a growing cyber threat often goes unnoticed and underreported: the visual data breach.
Also referred to as “visual hacking,” a visual data breach occurs any time sensitive or confidential data is observed onscreen by anyone other than the employee working with the content. The severity of the breach is dependent on the type of information onscreen, the length of time it is visible, and whether the observer is able to write down the data (such as a user ID and password) or capture an image of the screen with a camera.
Prevalence of the Problem
SECURE, the European Association for Visual Data Security, defines visual data security as, “the protection of sensitive, valuable or private information from visual capture.”[2] According to SECURE and other security organizations, breaches in visual privacy are on the rise. Sensitive and confidential data has long been a temptation for prying eyes in the workplace – some of them merely curious, others with the intent to put the pilfered information to use for personal benefit or the company’s harm. Today, the prevalence of smartphones equipped with high-resolution digital cameras makes the visual data thief’s job all the easier. With an unobtrusive click of their phone, thieves can simply take aim at a display to capture a clear, crisp image of the onscreen content.
Breaches in visual privacy put corporate data at risk in multiple settings. As worker mobility has increased, so has the tendency for employees to work with confidential or sensitive company information outside the workplace. One study revealed that two-thirds of the professionals surveyed had done so, with 55% of them regularly working on their laptops in a public, high-traffic area for at least 1 hour per week. Eighty percent felt that the potential for others to see their on-screen work content posed a risk to their companies.[3]
The visual privacy problem, however, is hardly limited to work conducted outside of the office. In another survey on the topic, over two-thirds of the respondents (69%) indicated that their visual privacy had been invaded while working in the office.[4] Polling in the UK revealed that 71% of professionals admitted to having read what an office coworker was working on over their shoulder. Similarly, in France, 46% of professionals polled said that they had experienced situations in which they were concerned that confidential information they worked on may have been seen by coworkers.[5]
In fact, a 2014 list of top security priorities for CIOs cited “The Insider Threat” as a growing area of security concern. According to cyber-investigations expert Timothy Ryan: “There’s a tremendous amount of data compromised today where the act is never discovered or disclosed. People discount the insider threat because it doesn’t make the news. Instead, we see headlines about external credit card breaches and theft of personally identifiable information, because regulations mandate accountability and punishment is expensive. The insider threat is insidious and complex.”[6]
While there are certainly many ways that employees (and visitors) inside your corporate confines might covertly access data, simply looking over the shoulder of an employee working with sensitive or valuable information is one of the easiest and most subtle. And with the ubiquity of camera-equipped smartphones, the risk profile for this often overlooked security breach has been substantially raised.
An Easy, Cost-effective Solution
Increasing awareness of the problem is the first step in addressing visual hacking in the workplace. Once organizations become familiar with the risk, the solution is simple: add privacy screens in high traffic areas, open workspaces, and at any workstation where employees work with confidential information or sensitive data such as credit card numbers, social security numbers, medical information, and corporate strategic or financial information.
Quick and easy to install, privacy screens maintain a clear view directly in front of the display, while blocking visibility when the display is viewed from a side angle. Screen data remains visible to those who need it and blocked from those who don’t. Privacy screens further add to employee comfort by reducing glare and eye strain, while helping protect the LCD screen from scuffs and scratches.
In addition to enhancing compliance with privacy regulations and safeguarding sensitive corporate or customer information, research suggests that privacy screens can also help boost productivity. In a simulation of real-life conditions, with a stranger hovering nearby as participants completed a questionnaire with sensitive information about their company, a 2013 study concluded that employees may be up to 50% less productive when they perceive their visual privacy to be at risk. In the simulation, participants without visual privacy chose to work only 22% of the time, whereas those that were provided with a privacy screen worked twice that amount.[7] In another study, 70% of those questioned about mobile work habits said they would be more productive when working in public places if they were confident that no one could see their screen, and over half (57%) said they’ve stopped working on their laptops in public due to privacy concerns.[8]
Privacy Screen Use Cases
Any business, large or small, concerned about the privacy of the information displayed on employees’ monitors can safeguard confidentiality with the use of privacy filters. In particular, industries that work with customer data must comply with laws regulating the use of this information, such as the Privacy Act, the Federal Information Security Management Act (FISMA), HIPAA and HITECH, as well as other federal and state privacy laws. These industries include finance, healthcare, government, military, and education.
Case in Point: Healthcare
Among the most tightly controlled data, patient medical information is subject to stringent regulations. Nonetheless, patients continue to voice concern about the privacy of their personal medical information. Not only can privacy screens help maintain regulatory compliance, when visible to patients – such as at reception desks and check-in stations – they can help boost patient confidence in an organization’s efforts to safeguard their information.
Privacy screens are ideally suited for use in:
• Healthcare
• Education
• Finance
• Open/shared workspaces
• HR Departments
Considered a landmark among privacy acts, the Healthcare Insurance Portability and Accountability Act (HIPAA) was designed (among other things) to ensure the security and confidentiality of patient information. Passed in 1996, HIPAA mandated privacy and security rules that went into effect in 2003 and 2005, respectively:
• The Privacy rule - defined as controlling who is authorized to access information. It provides individuals the right to keep their medical information from being disclosed.
• The Security rule - defined as the ability to control access to, and prevent information from accidental or intentional disclosure to unauthorized persons; and, from alteration, destruction, or loss.[9]
Despite these stringent guidelines, a post-HIPAA survey revealed that 67% of respondents were still concerned about the privacy of their medical records.[10] Similarly, when survey respondents were told about a possible nationwide system of electronic medical records, 70% were concerned that sensitive personal medical information might be leaked due to weak security.[11]
Case in Point: Education
As K-12 school districts and institutions of higher education increasingly rely on electronic records, the topic of protecting student privacy has become a heated debate, leading to questions about the amount and type of data schools should collect, and how it should be stored and accessed.[12] Many states and institutions of higher education are reviewing their privacy policies and seeking to enhance provisions established in 1974 by the Family Educational Rights and Privacy Act (FERPA).[13] Along with fears that students could be pigeonholed based on prior academic performance are concerns that data could land in the hands of sexual predators or family members embroiled in custody battles. In addition, opportunities exist for staff and visitors at schools and administration offices to inadvertently or purposefully view confidential student data.
The use of privacy screens in these environments can easily remove this threat to student privacy. Also pertinent to privacy in education is the rise of digital test taking. Universities using VDI or cloud-enabled displays for classroom testing as well as state school districts administering Common Core online assessments can benefit significantly from the use of privacy screens to prevent cheating, which is occurring at a historically higher rate.[14]
Case in Point: The Open Floor Plan
A trend that began in the late 20th century, the open floor plan has continued to dominate workplace architecture. As of 2010 nearly 70% of all US offices had open plan layouts, and the data similarly shows a steady decline in the use of private offices.[15] When completed as planned in Spring 2015, Facebook’s headquarters will boast the world’s largest open-office floor plan.[16]
Many employees enjoy their open office spaces and the increased collaboration, faster spread of information, and increased coworker camaraderie they feel the open plan promotes. Research has backed up some of the benefits, like fostering a symbolic sense of organizational mission and making employees feel part of an innovative enterprise. However, it’s also revealed downsides to the open floor plan, like reduced attention span, higher levels of stress, and the loss of a sense of privacy.[17]
With the loss of physical privacy inherent to the open floor plan clearly comes a greater threat of a visual data breach. Not only are workstation displays more visible to internal employees, the wide-open environment increases the likelihood of viewing by vendors, service personnel, or other third parties. The use of privacy filters along with a clear corporate policy governing visual data security can both safeguard critical information and give employees a greater feeling of privacy and control over their surroundings.
Put It in Writing
To reduce the chance of data being compromised due to visual hacking, privacy experts recommend the development and dissemination of formal visual privacy guidelines. When a company’s procedures and best practices for preventing visual hacking are effectively communicated, awareness of the risk increases and employees are motivated to protect their visual privacy. Best practices can include which departments and workstations require privacy screens, as well as procedures for employee training, mobile computing, display shut down, and end-of-workday desk clearance.
Conclusion
Purposeful and inadvertent viewing of confidential and valuable onscreen information in the workplace is nothing new. However, the risk of harmful visual hacking is increasing, fueled by the prevalence of smartphones with high-resolution cameras. Anyone who works with sensitive, confidential or valuable strategic data is at risk for a visual data breach. Businesses and organizations responsible for highly sensitive customer or patient data face particularly high stakes to maintain regulatory compliance and customer confidence. In addition, employees are likely to be more productive when they are confident that coworkers and visitors cannot see their onscreen content. Developing and enforcing visual privacy protocols that incorporate the use of privacy screens is an easy, effective way to thwart would-be thieves of onscreen data.
[1] https://www.gartner.com/doc/2660219?srcId=1-2819006590&pcp=itg
[2] http://www.visualdatasecurity.eu/visual-data-security/
[3], [8] http://www.darkreading.com/risk/3m-study-visual-privacy-is-the-weakest-link/d/d-id/1135318?
[4] http://www.businesswire.com/news/home/20130225005223/en/Study-Reveals-50-Percent-Loss-ProductivityVisual#.U_-B0sVdWSo
[5] http://www.visualdatasecurity.eu/visual-data-security/
[6] http://www.itbusinessedge.com/slideshows/top-security-priorities-for-cios-in-2014-07.html
[7] http://www.businesswire.com/news/home/20130225005223/en/Study-Reveals-50-Percent-Loss-ProductivityVisual#.U_-B0sVdWSo
[9] http://hipaa.bsd.uchicago.edu/background.html
[10] http://www.chcf.org/media/press-releases/2005/americans-have-acute-concerns-about-the-privacy-of-personalhealth-information
[11] http://www.ncbi.nlm.nih.gov/books/NBK9579/
[12] http://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2013/12/17/protecting-student-privacy-in-the-dataagev
[13] http://www.centerdigitaled.com/news/California-Protects-Student-Data-Privacy-with-Two-Bills.html
[14] http://www.glass-castle.com/clients/www-nocheating-org/adcouncil/research/cheatingfactsheet.html
[15] http://blogs.wsj.com/atwork/2014/02/25/study-open-offices-are-making-us-all-sick/
[16] http://www.csoonline.com/article/2597553/physical-security/is-the-open-floor-plan-trend-a-data-security-headache.html
[17] http://www.newyorker.com/business/currency/the-open-office-trap
Corporate names and trademarks stated herein are the property of their respective companies. Copyright©2014 ViewSonic Corporation. All rights reserved. [17359-00C-08/14]