Talk about impeccable timing. A new survey released by People Security (and commissioned by 3M corporation), found that two-thirds of employees expose sensitive data outside the workplace. Seems more believable than ever, right?
For Everyone's Eyes Only
The Visual Data Breach Risk Assessment Study surveyed 800 respondents with the intent of assessing the potential exposure of corporate and customer data within the enterprise, as well as to better understand attitudes and behaviors associated with visual privacy.
The report revealed that most companies lack policies or measures to safeguard sensitive information when employees are working outside of their offices. Seventy percent of the respondents indicated that their company had no explicit policy on working in public places, and 79 percent reported no company policy on the use of privacy filters to prevent visual data breaches.
Convenience v. Compliance
Blame it on the open laptop at the coffee shop, or close quarters on the train, plane or bus, but you’d probably be surprised at the information that can be gleaned from an unprotected computer screen. The report makes it very clear:
Employees are putting regulated customer information as well as confidential corporate information at risk outside the office.
It’s not just that the potential for exposing sensitive information is worrisome; the survey found that 67% of respondents had worked with some type of sensitive data outside the trusted confines of the office within the past year. Although it might seem obvious to proceed with caution, most companies favor convenience over compliance and privacy.
Considering that more than 143 million personal records were exposed in 2009 alone (per 2010 Verizon Data Breach Report), it is surprising that the protection of data as it is displayed on a screen has been significantly under addressed.
The Visual Elements of Data Breaches
The survey stressed the need for more privacy filters. But privacy filters aren't just about installation, they are about education. Most employees may not understand the risks associated with checking corporate email accounts from publicly shared computers or on open networks. While it may seem rather innocuous, visual data breaches are likely to occur because of three properties:
- Trade secret or competitive information can often be absorbed quickly by an onlooker.
- Data displayed on a screen can be a gateway to a larger data repository.
- The exposure of even a small number of records may constitute a data breach by current standard and could trigger customer notifications.
Companies have a lot of obstacles to overcome when it comes to integrating mobile and cloud computing into its project and security workflows. Accurate oversight takes not only strict and meaningful policies, but employee education. While information can be easily compromised, the intent is not always malicious, yet security is leaked, just the same.