What is shoulder surfing?

This social engineering technique can pose a major security risk, so here's how to best protect against it

With the UK's second lockdown coming to an end, we now have more flexibility in where we can work. While we've been confined to home offices for the past few months, it's likely that more of us will begin to work from coffee shops, shared workspaces or company offices.

As such, the device you use for said work will potentially be visible to others and the information on it more susceptible to 'shoulder surfing'. 

This is a form of social engineering that is used to covertly obtain information such as passwords or identifiable data. The name may sound innocent, but it is anything but. A simple glance over the shoulder can be used to see the PIN code of your main bank card. It can be used to spot the login details for an online service, and can even be used to get the details needed to access the services your business uses.

Part of the problem with shoulder surfing is the amount of opportunity to do it. The mass adoption of internet-connected devices and remote software means most people are typing in passwords, saving information and reading important things on the go all the time. Commutes are rife with smartphone and laptop use. Even on the underground where there's no signal, people can work and use certain services. The person next to you could be looking.

Thankfully, there are some ways you can minimise the risk and work, or play, in peace.  

Tilt your device

If you are using a smartphone on a train or bus and feel the unwanted gaze of someone else over your shoulder, you can simply tilt the device away. Similarly, you can lower the phone and cut off the angle.

This tactic is a little more difficult with a tablet or laptop but does still work if it's the person sitting next to you having a snoop. With a laptop, you can always tilt the screen downwards slightly, which if anything will probably signal that you want privacy.

Block their view

This is a more aggressive method, but if you're looking at sensitive work documents on the go then that's your prerogative. You can use your free hand to cover the side of your smartphone that's been compromised.

If it's a laptop, hold an object up at the side of the screen, such as the case, or a book, or your bag and block off the vantage point. During the winter months, a big coat can come in handy.

Sit out of view

When working remotely in a coffee shop or a public place, it's best practice to find a seat against a wall to keep all those prying eyes in front of you and over the other side of your laptop screen. For an extra top tip, make sure the wall isn't all glass or mirrored.

This is not much help when commuting, although the back of the bus will also work if you want to hide what you're Googling.

Work from home

If you've got dodgy Wi-Fi at home and have to work in a public place, then shoulder surfing is an occupational hazard. However, if you have a great home connection, use it. The best way to stop people snooping on your company's business is to keep it private, stay home, or actually go to work.

Also, if you're searching through social media in public and worry that people are snooping, you can always just switch it off and put your device away. Take the opportunity to be social in real life rather than online, or perhaps read a book on your commute instead.
