A holistic approach to data security is critical to helping protect an organization’s confidential and proprietary information. By adhering to the following visual privacy best practices, a company’s IT/Security team can help mitigate the risk of a visual hacking incident within their business.
1. Ensure that IT security plans include language on visual privacy and visual hacking.
Include actionable standards that define the steps workers should take to uphold visual privacy. Ensure that this language addresses visual hacking threats stemming from confidential information being displayed on devices such as laptops, desktops, smart phones and tablets, as well as physical documents.
2. Educate employees on the risks posed by visual hacking and the importance of visual privacy.
Execute and sustain an internal communication plan to highlight these issues and the standards the company has in place, keeping the topic top-of-mind. Utilize different mediums to supply workers with information on visual hacking and visual privacy. This could include information on the company website, newsletters, awareness bulletins, podcasts, blogs and announcements at staff meetings.
Hold training modules to bolster awareness of the risks associated with visual hacking. Include real-world examples of how and when visual privacy might be compromised. Training should first occur during the on-boarding process and continue on a regular basis.
3. Identify those employees within the organization most at risk for visual hacking.
― Frequency of travel
― Sensitivity of data managed
― Time spent working outside the office
― Level within the organization
4. Equip all workers, especially those deemed “at risk,” with a “Visual Privacy Toolkit” that offers resources to aid in combatting visual hacking.
Elements of the toolkit could include:
― Privacy filters for employees that are most at risk for visual hacking.
― Layering physical and software security technologies for a defense-in-depth approach to data security.
― Requiring masked passwords on devices.
― For physical documents, providing secure storage for confidential documents and enact a “clean desk” policy.
5. Proactively complete routine situation and site analyses to use as awareness tools.
Keep a log of actual documents and files that are regularly observable and adjust IT/Security standards, communication plans and training modules to address the findings of these analyses.
We are providing this information as a courtesy to you, free of charge. While we believe that this information is reliable, its accuracy or completeness is not guaranteed. Accordingly, the foregoing information is provided “AS-IS”. In providing this information, we make no warranties regarding particular product use or performance, including any implied warranty of merchantability or fitness for a particular use.