What is shoulder surfing?
This social engineering technique can pose a major security risk, so here's how to best protect against it
There’s no doubt that, at least once in the past, you will have thought twice about your surroundings when sending a sensitive text message, using a certain app, or visiting a certain website when out in public. It’s only natural. What you might not realise is that the watchful eye you sense on your screen in your most paranoid, self-aware state may actually be a genuine cyber security threat to consider, especially when you’re the gatekeeper of a business’ sensitive information.
True, it would take some seriously sharp vision to spot and remember a set of log-in credentials anywhere out in public, but the threat is most certainly not zero. Just because you couldn’t do it doesn’t mean a seasoned cyber criminal isn’t able to, and the risk of a fine for leaking data under GDPR means corporate workers can never be too careful.
Shoulder surfing is an intuitively named cyber security threat that involves criminals peering over one’s shoulder to glean any login credentials, or any other kind of useful or sensitive data, they may be able to make use of. There are a number of easy-to-deploy tactics that can go a long way to keeping your clients’ data safe, and your data practices compliant.
How can you best protect against shoulder surfing?
Tilt your device: If you are using a smartphone on a train or bus and feel the unwanted gaze of someone else over your shoulder, you can simply tilt the device away. Similarly, you can lower the phone and cut off the angle.
This tactic is a little more difficult with a tablet or laptop but does still work if it's the person sitting next to you having a snoop. With a laptop, you can always tilt the screen downwards slightly, which if anything will probably signal that you want privacy.
Block their view: This is a more aggressive method, but if you're looking at sensitive work documents on the go then that's your prerogative. You can use your free hand to cover the side of your smartphone that's been compromised.
If it's a laptop, hold an object up at the side of the screen, such as the case, or a book, or your bag and block off the vantage point. During the winter months, a big coat can come in handy.
Sit out of view: When working remotely in a coffee shop or a public place, it's best practice to find a seat against a wall to keep all those prying eyes in front of you and over the other side of your laptop screen. For an extra top tip, make sure the wall isn't all glass or mirrored and, if sitting outside, try to sit against a wall and away from crowds.
This is not much help when commuting, although the back of the bus will also work if you want to hide what you're Googling.
Work from home: If you've got dodgy Wi-Fi at home and have to work in a public place, then shoulder surfing is an occupational hazard. However, if you have a great home connection - use it. The best way to stop people snooping on your company's business is to keep it private, stay home, or actually go to the office - if possible.
Moreover, if you're searching through social media in public and worry that people are snooping, you can always just switch it off and put your device away. Take the opportunity to be social in real life rather than online, or perhaps read a book on your commute instead.
Invest in a privacy display: There are a number of business-focused devices on the market that keep shoulder surfing in mind when it comes to the design phase of development. HP is a champion of the technology with its Sure View displays that are designed to be viewable only at very specific, head-on angles. Any peering eyes from the side are usually met with a well-blurred display - a tactic that can help keep client data safe from those in adjacent aisles on an aeroplane, for example.
HP is far from the only brand in the laptop market shipping with built-in privacy screens, and even if your device doesn’t have one, third-party manufacturers are easy to find. You can pick up a removable privacy screen for your own device for very little money if you’re planning on working outdoors frequently.
Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.