Boost security and fight snooping! Three easy techniques can raise awareness and minimize shoulder surfing and eavesdropping.When considering data loss, we often think only of an attacker gaining access to our systems and extracting data. However, invisible data loss is a concerning problem as well. It occurs when someone gains access to data by being in proximity to the person who is using that data1Wendy F. Goucher, Security Awareness Design in the New Normal Age, CRC Press, 2023. That is, techniques like shoulder surfing to view on screen information and eavesdropping to gather information from conversations are used. The result is invisible data loss because you cannot detect it on the network or at the ingress/egress points of the data storage. The best protection we have is security awareness.

Unveiling Invisible Data Loss

When an attacker employs techniques resulting in invisible data loss, significantly less data can be stolen than with digital attack methods. However, if the small amount of information is the right information, it can result in significant loss even though the data amount is small. Therefore, protecting against invisible data loss becomes important.

In many cases, invisible data loss is an accidental or serendipitous (for the attacker) occurrence on both the part of the employee who “leaks” the data and the “attacker” who receives the data. The “attacker” may not be a typical hacker as we think of them, but simply an individual who overheard a conversation or saw something on the employee’s screen that would be beneficial to themselves, a competitor, or any other individual or group. The consumption of the data was unintentional, but the use of it is intentional.

At other times, the data theft is intentional. The attacker may not only visually or audibly consume the data but may also use a smart phone or another camera device to take pictures of the screen as the employee is viewing the sensitive data. Using a camera for shoulder surfing can be discrete, if a small enough camera is used, and allows for the capture of more data than simply memorizing what is seen on the screen.

Preventing Invisible Data Loss: Practical Measures

Boost security and fight snooping! Three easy techniques can raise awareness and minimize shoulder surfing and eavesdropping.

  1. Vigilance matters! Regularly emphasize the importance of protecting on-screen information, whether remote or in the office.
  2. Remind employees frequently of the importance of protecting conversations. Keep conversations brief in public. If sensitive topics arise, simply say, “Let’s discuss this later at {agreed time}. 
  3. Purchase screen shields that reduce the viewable angle for employee laptop screens and encourage the use of them((This will not prevent shoulder surfing, but it will limit the viewing angle and make it harder to achieve for the attacker.)).

Using these simple steps and reminders can help to reduce invisible data loss. Security awareness is key. Keeping the risk of invisible data loss constantly in mind empowers employees to be more vigilant with sensitive data.

Share This Story, Choose Your Platform!

Recent Post