A recent experiment by Ponemon Institute showed that hacking techniques go beyond the typical digital realm. Visual hacking is one method that is easier than brute-forcing passwords or exploiting vulnerabilities. Visual hacking is straightforward to understand; it relies on visually observing and remembering information found on computer screens, phone screens, on desks, sticky notes, paper, etc. This technique is so easy an 8th grade student used it to gain access to his school’s network. The 8th grader changed the image on his teacher’s desktop. His prank was pretty harmless, but was unnerving for the teacher. If the same technique were in an office setting, it could result in a data leak.
Visual Hacking Experiment
Ponemon Institute tested 8 companies to determine how well they stood against a visual hack.
- 88% of visual hacking attempts were successful.
- 20% of the data hacked was considered very valuable.
- In 45% of the hacks, researchers were able to obtain information in 15 minutes or less.
- In 70% of hacks office workers observed hacks but did not stop them, even after obviously suspicious activities.
Visual hacking researchers were given three visual hacking tasks to complete. In the first task researchers walked through an office gathering any sensitive information available on desks, computer screens, and other easy-to-access locations. In the second task, researchers conspicuously attempted to grab documents labeled as confidential and tried to put them in a briefcase. In the third task researchers used their phones to take pictures of computer screens in full view of office workers.
Mitigating Visual Hacks
Educate Employees
Educate employees on what visual hacking is. Employees should not keep login credentials, sensitive documents, or other sensitive information visible on desks, walls, or anywhere it is clearly visible. They can also help by knowing who’s who in the company (this may be more difficult in larger companies). Once they learn the faces of their co-workers, they’ll recognize anybody out of place and they can then take appropriate actions.
Smart Office Design
The Ponemon study shows that offices are prime locations for visual hacking. Current office layouts have moved away from individual cubicles to large open areas, where employees can more easily interact. This makes for a dynamic work environment, but it also makes things easier for someone wanting to harvest information while walking through the office. It is in your best interest to install card access locks on doors or office areas that not all employees need access to. It may also be a good idea to consider a surveillance camera system.
This Ponemon Institute study gained valuable insight about visual hacking, a topic that many experts don’t think about in their day-to-day work. Educating employees about the risks and designing your office to ward off this type of intrusion is important for your organization’s security.