Save the Peaky Blinders for the TV screen, not your smart devices

As physical meetings return, so do other events like large-scale exhibitions and conferences. Unbelievably, at these events, cases of #ShoulderSurfing often occur.

So, what is ‘Shoulder Surfing’? This is a well-known tactic where an adversary watches what a user is typing or working on, makes a note of that information, and then uses it to their advantage at a later stage. Whether it is observing a password entry or seeing sensitive data, which could be anything from pricing strategies to client data or personally identifiable data, all could be disruptive in the wrong hands.

Picture this: you are at an event and are completing your regular work tasks whilst enjoying some downtime. How would it make you feel if you knew that, whilst you were working away at your laptop screen, there were individuals lurking to capture the sensitive and personally identifiable data you are working on?

This is exactly what occurred during an event in the South East recently. The activity was identified by Chris White, Detective Inspector and Head of Cyber and Innovation at The Cyber Resilience Centre for the South East. Chris said:


“Whilst stood on the stand, I noticed a couple of individuals who were up to no good, walking around the breakout area, which is a popular place for people to work on their laptops.
“I noticed them slowly walk behind those using their devices, looking at what was on their laptop screens. They then doubled back and returned to one person who was completely unaware of their quiet presence behind them. Whatever was on that screen, they clearly took an interest in.

“I approached the individual who was busy working away, which provoked the lurking individuals, aka #VisualHackers, to walk away. I let the person know what had just happened. On this occasion they were working on sales and vendor data, which is what those who were lurking would have seen. I talked to them about an immediate solution, which involved doing simple things such as moving their table and backing it up to a wall, to help protect them from this vulnerability happening again.”

Chris continued: “A longer-term fix would be positioning yourself safely when you start work, preventing people from being behind you. Where that is not an option, another solution for most devices these days is to use a privacy screen protector. These enable you to continue working, knowing that unless the adversary is at the same angle and eye level as you, they are very unlikely to see what is on your laptop, tablet, and smart device.”

The modern work environment sees employees extensively using hot desks or shared offices, and there are everyday occasions when you do not want co-workers to see sensitive issues you are working on, or the times when you enter your password. So why would this be any different in a situation where a stranger is seeing the same? Do not forget those occasions when you are working in a coffee shop: the threat is still there. Whichever smart device you are using, whether tablet, laptop, or smartphone, all can be protected with a #PrivacyShield #ScreenFilter.

If you are a regular commuter and find yourself working on a bus, train or even plane, can you be confident that those around you will never have seen anything private that you were working on or entering into a system?

Data matters, and where there is a chance or risk of someone watching the activities on your screen, we all have a GDPR and Data Protection duty to keep it and others’ data safe. Mostly these exposures are simple to avoid, time-consuming to fix, and even more annoying when it is all preventable.


Partnership Notice

3M™ Privacy Filters are an easy-to-implement protection from such costly breaches. To find out more, go to: https://www.secrc.co.uk/who-we-help.


If you would like a free evaluation kit from 3M, please contact 3M here.
