What is shoulder surfing?

This social engineering technique can pose a major security risk, so here's how to best protect against it

Someone looking over a woman's shoulder at a phone screen

With outdoor hospitality venues set to reopen in mid-to-late April, who would say no to taking advantage of the spring sun and working from a café or pub garden? Especially since most offices across the UK are to remain closed until later this year and, after a few months of lockdown, many could be feeling rather starved of any kind of social interaction.

However, before you head to your local pub, work laptop in hand, you should first consider some basic safety precautions. The first thing that probably comes to mind is the physical security of your business device. After all, hospitality venues will only be allowed to host customers outdoors for the first few weeks after reopening and, although fresh air is definitely healthy, public places often invite sticky fingers, so you should always keep an eye on your device.

However, stealing sensitive data doesn’t always involve the physical act of picking up someone else’s laptop and running away with it. In fact, a simple glance over the victim’s shoulder may suffice, providing information such as login details, passwords, or PIN codes.

Shoulder surfing, as the term may suggest, is a form of social engineering used to gather information just by looking over someone’s shoulder to obtain data crucial to logging into otherwise secure systems. Criminals are able to covertly look at your screen while you work in a public space, and memorise or record what keys are being used to type in sensitive information, which can then be used to access the services your business uses.

Thankfully, there are some ways you can minimise the danger of wandering eyes and keep your shoulders surf-free.

Tilt your device

If you are using a smartphone on a train or bus and feel the unwanted gaze of someone else over your shoulder, you can simply tilt the device away. Similarly, you can lower the phone and cut off the angle.

This tactic is a little more difficult with a tablet or laptop but does still work if it's the person sitting next to you having a snoop. With a laptop, you can always tilt the screen downwards slightly, which if anything will probably signal that you want privacy.

Block their view

This is a more aggressive method, but if you're looking at sensitive work documents on the go then that's your prerogative. You can use your free hand to cover the side of your smartphone that's been compromised.

If it's a laptop, hold an object, such as the case, a book, or your bag, up at the side of the screen to block off the vantage point. During the winter months, a big coat can come in handy.

Sit out of view

When working remotely in a coffee shop or a public place, it's best practice to find a seat against a wall to keep all those prying eyes in front of you and over the other side of your laptop screen. For an extra top tip, make sure the wall isn't all glass or mirrored and, if sitting outside, try to sit against a wall and away from crowds.

This is not much help when commuting, although the back of the bus will also work if you want to hide what you're Googling.

Work from home

If you've got dodgy Wi-Fi at home and have to work in a public place, then shoulder surfing is an occupational hazard. However, if you have a great home connection – use it. The best way to stop people snooping on your company's business is to keep it private, stay home, or actually go to the office – if possible.

Moreover, if you're searching through social media in public and worry that people are snooping, you can always just switch it off and put your device away. Take the opportunity to be social in real life rather than online, or perhaps read a book on your commute instead.
