What is shoulder surfing?

This social engineering technique can pose a major security risk, so here's how to best protect against it

With outdoor hospitality venues set to reopen in mid-to-late April, who would say no to taking advantage of the spring sun and working from a café or pub garden? Especially since most offices across the UK are to remain closed until later this year and, after a few months of lockdown, many could be feeling rather starved of any kind of social interaction.

However, before you head to your local pub, work laptop in hand, you should first consider some basic safety precautions. The first thing that probably comes to mind is the physical security of your business device. After all, hospitality venues will only be allowed to host customers outdoors for the first few weeks after reopening and, although fresh air is definitely healthy, public places often invite sticky fingers, so you should always keep an eye on your device.

However, stealing sensitive data doesn’t always involve the physical act of picking up someone else’s laptop and running away with it. In fact, a simple glance over the victim’s shoulder may suffice, providing information such as login details, passwords, or PIN codes.

Shoulder surfing, as the term may suggest, is a form of social engineering in which someone looks over your shoulder to obtain data crucial to logging into otherwise secure systems. Criminals are able to covertly look at your screen while you work in a public space, and memorise or record which keys are being used to type in sensitive information, which can then be used to access the services your business uses.

Thankfully, there are some ways you can minimise the danger of wandering eyes and keep your shoulders surf-free.

Tilt your device

If you are using a smartphone on a train or bus and feel the unwanted gaze of someone else over your shoulder, you can simply tilt the device away. Similarly, you can lower the phone and cut off the angle.

This tactic is a little more difficult with a tablet or laptop but does still work if it's the person sitting next to you having a snoop. With a laptop, you can always tilt the screen downwards slightly, which if anything will probably signal that you want privacy.

Block their view

This is a more aggressive method, but if you're looking at sensitive work documents on the go then that's your prerogative. You can use your free hand to cover the side of your smartphone that's been compromised.

If it's a laptop, hold an object up at the side of the screen, such as the case, a book or your bag, to block off the vantage point. During the winter months, a big coat can come in handy.

Sit out of view

When working remotely in a coffee shop or a public place, it's best practice to find a seat against a wall to keep all those prying eyes in front of you and over the other side of your laptop screen. For an extra top tip, make sure the wall isn't all glass or mirrored and, if sitting outside, try to sit against a wall and away from crowds.

This is not much help when commuting, although the back of the bus will also work if you want to hide what you're Googling.

Work from home

If you've got dodgy Wi-Fi at home and have to work in a public place, then shoulder surfing is an occupational hazard. However, if you have a great home connection – use it. The best way to stop people snooping on your company's business is to keep it private, stay home, or actually go to the office – if possible.

Moreover, if you're searching through social media in public and worry that people are snooping, you can always just switch it off and put your device away. Take the opportunity to be social in real life rather than online, or perhaps read a book on your commute instead.
