Blog

7 Ways For Commuters To Protect Data - Beware Shoulder Surfers!

7 Ways For Commuters To Protect Data - Beware Shoulder Surfers!

Monday, October 2nd, 2017

We spend a lot of our time and energies reading news about Anonymous, Fancy Bears, Russian state hacks, the USA Presidential Elections and similar related digital information security stories. Not to play down these digital newsworthy cyber attacks and threats (such as Anonymous taking down 10,000 porn sites), but we must make sure that all of our information security bases are covered.

At a recent talk, we covered issues around building design, layouts of offices with risks of being overlooked, leaving files on trains and similar high-profile problems about data being spotted in public.

For the last of these, in the UK alone there have been a few notable examples where data breaches have occurred just by notes being photographed by high resolution cameras: police raid plans being photographed and released by the press, how police are going to arrest Julian Assange outside the Ecuadorean Embassy. And there have been quite a few instances of just leaving documents lying around in taxis, in toilets and on trains.

More data left on a train!!
The latest example revealed that the schedule of Theresa May, the British Prime Minister, was apparently left on a train. This has been discussed as a "serious data breach" by some security advisors.  The primary reason, other than political embarrassment, that these instances of data breach have hit the press is due to the size and impact of the data loss.  All too frequently, the potential impact of data loss is overlooked when handling apparently mundane day-to-day stuff.
So, why would Theresa May's schedule be a problem?  Although in the UK we don't have a history of assassinating Prime Ministers, the schedule of the PM could compromise her safety or indeed allow for pressure groups and activists to conceive some form of response to her visits that might affect, devalue or completely undermine their objectives.

Beware Long-lens Camera
In the case of a major police operation being inadvertently leaked, Bob Quick (Metropolitan Police Assistant Commissioner) stood down.  This leak caused an anti-terrorist police operation to be rearranged very quickly so as to not completely lose the operation.  Data was leaked by being photographed by the press. This leak could have seriously undermined the whole anti-terror operation and the intelligence that was leading up to it.

As a matter of principle, all data that we are storing, handling or carrying around has a value, and some of that information might be of much greater value to other point entail recipients than we might think. Here are seven general principles:

  • never let your information out of your sight
  • do not trust your information to the hands of an unknown person (e.g. looking after it whilst you go to the toilet on the train)
  • only carry the minimum information you need for your journeys and business
  • lockable briefcases are valuable
  • if you are working on data in a public or unusual place, ensure that you know who can possibly see your information, especially if you are a known person handling sensitive data (watch out for the long camera lens possibility)
  • loose leaf sheets are more prone to getting lost
  • account for your information; know what you're carrying and know what might be missing

If you want to know more about information security in your business, take our Free Security Challenge.