A simple step to reduce sensitive data leakage
Given how important the company’s data is and the ever more stringent nature of the data protection regulations, it’s always good to keep an eye out for simple steps to improve data security that don’t require huge amounts of IT time and budget. I was reminded of one of these recently during a briefing with a vendor that I hadn’t talked to in a long time.
But before getting onto that, let’s lay out some context.
A significant challenge is that many of your users likely have no idea just what data protection requirements they should follow. After all, an accurate knowledge of the legislation and regulations that apply is a black art typically known in detail only by lawyers. And even they make a profitable business by arguing about those ‘details’.
Even if users have some high-level awareness of widely publicised regulations such as the Data Protection Act, the chances are they couldn’t tell you with any degree of confidence what classifies as ‘personal data’ or ‘sensitive data’. Frankly, it’s a matter no one thinks about until something goes wrong, and then it’s almost certainly you, the IT professional, not the user, who is going to get the blame for not putting adequate policies and protection measures in place.
Take a simple example. Just think about the data that your users have on their screens all day when they are in the office. Is some of it covered by laws and regulations? Yes. Can anyone see what is on a screen? Unless you are in a very heavily regulated and security-sensitive business, the answer is again almost certainly ‘Yes’.
For most of your users this may not be an issue for most of the time, but if someone is using a machine in an area where visitors pass by, there could be an exposure. Equally, if they work on HR or other staff-sensitive matters, you probably don’t want even another member of staff to be able to see what’s on their screen.
But what’s showing on the screens in the office may not be the biggest potential data leakage / security / privacy challenge you face. Do some of your staff fire up their laptops, tablets and smartphones during external conferences or meetings with clients, partners and customers? Yes. Do they work on the train or plane or in the airport or coffee shop? More than likely.
I can’t remember how many times I have had someone sit next to me while travelling, even on a short-haul plane flight or train journey, and fire up their laptop or tablet. Some of them then proceed to work on files that I really shouldn’t be able to see. On several occasions I have had a passenger sit next to me and start working on data in an area in which I specialise. Not clever from a business point of view and possibly breaking the law as well.
One simple and effective way to reduce the threat of outsiders getting a look at your organisation’s sensitive data is to fix some form of privacy filter to the screen of laptops and smartphones. With such a filter in place, the screen can only be read if you are looking at it head on – a few degrees to the left or right and it is essentially blacked out. This basically prevents anyone looking over your shoulder, e.g. from the seat next to you, from being able to see what you are working on.
So why do so few do this?
Well, some are not aware that these solutions exist, and others take a cursory look and conclude they are gimmicks or a complement to the tin-foil hat for the more paranoid among us. Another challenge has been the experiences users have had of filters used in the past. You may have had to put up with the hassle of continuously messing around with the unsightly sticky tabs that hold the filter to the screen and degrade over time. You might have used one of the early filters that darkened the screen and made it too difficult to read, even for the user.
Today the technology has advanced a long way, as indeed have screen displays themselves, so it might be worthwhile taking a look to see if modern privacy filters could work in your environment. After all, the potential fines your organisation might face for any breach of data protection could now be significant. Never mind the potential for bad publicity or other business loss. The investment to put privacy filters on at least some of the devices your people use outside the office might now make sense.