What is shoulder surfing?

This social engineering technique can pose a major security risk, so here's how to best protect against it

Someone looking over a woman's shoulder at a phone screen

With outdoor hospitality venues set to reopen in mid-to-late April, who would say no to taking advantage of the spring sun and working from a café or pub garden? Especially since most offices across the UK are to remain closed until later this year and, after a few months of lockdown, many could be feeling rather starved of any kind of social interaction.

However, before you head to your local pub, work laptop in hand, you should first consider some basic safety precautions. The first thing that probably comes to mind in the physical security of your business device. After all, hospitality venues will only be allowed to host customers outdoors for the first few weeks after reopening, meaning that - although fresh air is definitely healthy, public places often invite sticky fingers – you should always keep an eye on your device.

However, stealing sensitive data doesn’t always involve the physical act of picking up someone else’s laptop and running away with it. In fact, a simple glance over the victim’s shoulder may suffice, providing information such as login details, passwords, or PIN codes.

Shoulder surfing, as the term may suggest, is a form of social engineering used to gather information just by looking over someone’s shoulder to obtain data crucial to logging into otherwise secure systems. Criminals are able to covertly look at your screen while you work in a public space, and memorise or record what keys are being used to type in sensitive information, which can be then used to access the services your business uses.

Thankfully, there are some ways you can minimise the danger of wandering eyes and keep your shoulders surf-free.

Tilt your device

If you are using a smartphone on a train or bus and feel the unwanted gaze of someone else over your shoulder, you can simply tilt the device away. Similarly, you can lower the phone and cut off the angle.

This tactic is a little more difficult with a tablet or laptop but does still work if it's the person sitting next to you having a snoop. With a laptop, you can always tilt the screen downwards slightly, which if anything will probably signal that you want privacy.

Block their view

This is a more aggressive method, but if you're looking at sensitive work documents on the go then that's your prerogative. You can use your free hand to cover the side of your smartphone that's been compromised.

If it's a laptop, hold an object up at the side of the screen, such as the case, or a book, or your bag and block off the vantage point. During the winter months, a big coat can come in handy.

Sit out of view

When working remotely in a coffee shop or a public place its best practice to find a seat against a wall to keep all those prying eyes in front of you and over the other side of your laptop screen. For an extra top tip, make sure the wall isn't all glass or mirrored and, if sitting outside, try to sit against a wall and away from crowds.

Related Resource

Remote workforce security report

Key challenges, security threats, and investment priorities of organisations during the pandemic

remote workforce security report - whitepaper from OktaDownload now

This is not much help when commuting, although the back of the bus will also work if you want to hide what you're Googling.

Work from home

If you've got dodgy Wi-Fi at home and have to work in a public place, then shoulder surfing is an occupational hazard. However, if you have a great home connection – use it. The best way to stop people snooping on your company's business is to keep it private, stay home, or actually go to the office – if possible.

Moreover, if you're searching through social media in public and worry that people are snooping, you can always just switch it off and put your device away. Take the opportunity to be social in real life rather than online, or perhaps read a book on your commute instead.

Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Recommended

Ransomware hit industrial sector the hardest in the third quarter
ransomware

Ransomware hit industrial sector the hardest in the third quarter

25 Oct 2021
Tesco services knocked offline after suspected cyber attack
hacking

Tesco services knocked offline after suspected cyber attack

25 Oct 2021
Microsoft touts new cyber security help for nonprofits
cyber security

Microsoft touts new cyber security help for nonprofits

22 Oct 2021
Ofcom report reveals alarming uptick in smishing attacks
scams

Ofcom report reveals alarming uptick in smishing attacks

22 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Royal Mint to recover gold from smartphones and laptops in world first
Technology

Royal Mint to recover gold from smartphones and laptops in world first

21 Oct 2021