Two-thirds of today’s employees are exposing sensitive data—some of it highly regulated and confidential—outside the workplace, according to new research into corporate security.
Moreover, most companies do not have policies or measures in place to protect sensitive information from computer screen snooping when employees are working in public places, according to the “Visual Data Breach Risk Assessment Study,” a new report conducted by People Security and commissioned by 3M.
Mobile Workers, Confidential Data
“With the rise in mobile workers carrying confidential data with them outside the office, snooping is no longer a harmless hobby and may represent a weak link in corporate data security practices,” said Dr. Hugh Thompson, of People Security.
“Today’s latest smart phones now make it possible for a data thief to take a high-resolution picture of confidential information on a computer screen and retrieve readable data without any hacking necessary.
“Information revealed on mobile devices outside the workplace now creates a window into a corporation’s most confidential data—whether it is regulated or simply company secrets—and significantly raises the threat level of visual data breaches.”
The study included a survey of 800 working professionals and an experiment at a large IT conference where attendee computer usage habits and data security choices were observed.
More than a half billion sensitive records have been breached since 2005, leaving Americans vulnerable to identity theft, according to the Privacy Rights Clearinghouse’s Chronology of Data Breaches.
In the 3M survey, 71% of working professionals said they had glanced at another person’s computer screen where they saw such things as corporate emails (26%), presentations (20%), documents (18%), spreadsheets (29%) or other corporate sensitive information (11%).
While most respondents said those glances were unintentional, 15% said they were interested in what was on the screen and 2% admitted they were trying to obtain information.
The study also examined how privacy concerns affect the productivity of employees working outside the office. Fifty-seven percent of respondents said they had stopped working on their laptops because of privacy concerns in a public place, and 80% thought that “prying eyes” posed some risk to their organization.
Among other study highlights:
• Employees are exposing regulated customer information and confidential corporate information outside the office. Two-thirds (67%) of respondents had worked with some type of sensitive data—including internal corporate financial information (42%), customer credit card numbers (26%), and customer Social Security numbers (24%)—outside the office in the past year.
• Most employees choose convenience over privacy outside the office. One in four (26%) conference Internet kiosk users accessed corporate email on an unprotected network in a high-traffic public area, although many had the opportunity to use a more secure corporate laptop or smart phone.
• Policies are few. Seven in 10 working professionals surveyed said their company had no explicit policy on working in public places.
• Opportunities are growing. More than half (55%) of respondents said they worked on their laptop in a high-traffic public area at least one hour per week. IT analyst firm IDC estimates that more than 72% of the U.S. workforce has some level of mobility and that more than 75% will by 2013.
• Concerns hamper productivity. Nearly six in 10 respondents said they had stopped working on their laptops because of privacy concerns in a public place; 70% said they would be more productive in public places if they thought no one else could see their screen.