Protect Your Screen: The Hidden Risk of Visual Hacking | GBAF

Protect Your Screen: The Hidden Risk of Visual Hacking | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > VISUAL DATA PROTECTION – AN OFTEN OVERLOOKED SECURITY RISK

VISUAL DATA PROTECTION – AN OFTEN OVERLOOKED SECURITY RISK

Published by Gbaf News

Posted on December 3, 2014

5 min read

Last updated: January 22, 2026

Person working on a laptop in a public space, highlighting visual data protection risks - Global Banking & Finance Review — An individual using a laptop in a public area, emphasizing the importance of visual data protection against shoulder surfing. This image illustrates the risks of visual hacking in the financial sector.

By Jack Halewood, 3M

Let’s start with a question: as you’re reading this, can anyone else possibly see your screen? Even if not right now, how often in the office or a public place do you look at information on a screen, whether a tablet, smartphone or laptop?

The reality is that while most financial services companies have implemented very strict information security policies, protecting a screen from prying eyes is often forgotten. Yet there is an 80 per cent chance that UK workers have already been victims of others reading over their shoulders – known as ‘shoulder surfing’ – according to research commissioned by 3M.

While it may be hard to pin down the contribution that ‘visual hacking’ makes to information leaks, the risk is clear: data breaches can cost a financial services organisation more than just loss of reputation. According to the Pomenon Institute’s 2014 Cost of Data Breach Study: Global Analysis, the average cost to a company was $3.5 million US dollars and 15 per cent more compared to 2013. The UK’s Department of Business Innovation & Skills (BSI) 2014 Information Security Breaches Survey 2014 found that the average cost of a large organisation’s worst breach is 600,000 -1.5 million GPB.

Staying with the UK for a moment, the Information Commissioner’s Office (ICO), which has the power to levy fines up to £500,000 for data breaches, issued 20 monetary penalties in 2012-2013 – including some in the financial industry – totalling £2.6 million.

Although the Financial Services Authority (FSA) has been replaced by the Financial Conduct Authority (FCA), its guidelines are still relevant to the financial services sector and its previous documentation has covered visual security, including phone cameras and mobile workers. The UK Financial Services and Markets Act 2000 – which forms the legal basis for determining fines – states that a company must show it ‘took all reasonable precautions and exercised all due diligence’. This includes physical security measures.

Europe-wide, the proposed General Data Protection Regulation (GDPR) could see fines of up to five per cent of annual turnover levied if its supporters get their way. Worldwide, there is increasing focus on data breach clamp-downs, for example most American states have implemented relevant legislation.

Mobile working makes it worse

With more people working remotely on mobile devices and the size of their screens increasing (with the advent of tablets and ‘phablets’), the visual security risk could grow. Recent research from Canalys shows a third of the 279.4 million smartphones that shipped globally in the first quarter of 2014 had screens larger than five inches.

The risk is exacerbated with the availability of high resolution cameras built into most smartphones, making it all too easy to snap a picture of a screen. Anecdotally, I’ve heard of information posted on social media as a result of someone’s screen being viewed on a train, plus another example where another passenger suggested a spelling correction to a senior executive reviewing a document. I suspect that these examples are just the tip of the iceberg.

Apply best practice

So what can financial services organisations do to protect themselves better from visual privacy security risks?

Build visual privacy into information security strategies – ‘Visual hacking’ or ‘shoulder surfing’ risks need to be viewed as an integral part of security processes and rules. An increasing number of organisations are including visual privacy as part of their ISO/IEC 27001 compliance. This is an internationally recognised best practice framework for an information security management system. It is designed to help organisations identify the risks to their important information and put in place the appropriate controls to help reduce those risks.
Educate employees – awareness of the risk is part of the battle. Make sure that staff know that they have a role to play in preventing other people viewing their screens. This is particularly important in offices that may have visitors, but even internally, be aware that some employees are privy to confidential data that others may not be. This extends to mobile usage: despite 24 per cent of people using smartphones or tablets as their primary work device, 77 per cent of them have not been educated by their employees on how to use mobile technology on the move, according to the BSI report.
Blank screens are best – ensure that screens are either switched off or turn quickly to a screensaver if an employee gets up from his or her desk. Also ensure passwords and log-in processes are activated if the computer has not been used for a few minutes.
Mobile working – wherever possible, position the screen so that it is not easily viewable (for instance, by someone walking behind a chair). According to a survey from Samsung in the UK published in May 2014, 69 per cent of people now work remotely from a coffee shop at least twice a week, so preventing casual on-lookers is increasingly important to consider.
Use privacy filters – these can be easily slipped on to desktop monitors, laptops, tablets and smartphones so that only the direct viewer at close range can see the on-screen information (to anyone else, the screen will look blank). These filters can also help to prevent scratches, general wear-and-tear and screen glare.

Given how much we all interact with electronic screens, whether in the office or on the move, together with the very real risks around data breaches, visual privacy needs to be an integral part of any security strategy. Fortunately, there are processes and tools in place that can at least help to mitigate the associated risks and prevent vulnerable data from prying eyes.