What is shoulder surfing?
This social engineering technique can pose a major security risk, so here's how to best protect against it
With outdoor hospitality venues set to reopen in mid-to-late April, who would say no to taking advantage of the spring sun and working from a café or pub garden? Especially since most offices across the UK are to remain closed until later this year and, after a few months of lockdown, many could be feeling rather starved of any kind of social interaction.
However, before you head to your local pub, work laptop in hand, you should first consider some basic safety precautions. The first thing that probably comes to mind in the physical security of your business device. After all, hospitality venues will only be allowed to host customers outdoors for the first few weeks after reopening, meaning that - although fresh air is definitely healthy, public places often invite sticky fingers – you should always keep an eye on your device.
However, stealing sensitive data doesn’t always involve the physical act of picking up someone else’s laptop and running away with it. In fact, a simple glance over the victim’s shoulder may suffice, providing information such as login details, passwords, or PIN codes.
Shoulder surfing, as the term may suggest, is a form of social engineering used to gather information just by looking over someone’s shoulder to obtain data crucial to logging into otherwise secure systems. Criminals are able to covertly look at your screen while you work in a public space, and memorise or record what keys are being used to type in sensitive information, which can be then used to access the services your business uses.
Thankfully, there are some ways you can minimise the danger of wandering eyes and keep your shoulders surf-free.
Tilt your device
If you are using a smartphone on a train or bus and feel the unwanted gaze of someone else over your shoulder, you can simply tilt the device away. Similarly, you can lower the phone and cut off the angle.
This tactic is a little more difficult with a tablet or laptop but does still work if it's the person sitting next to you having a snoop. With a laptop, you can always tilt the screen downwards slightly, which if anything will probably signal that you want privacy.
Block their view
This is a more aggressive method, but if you're looking at sensitive work documents on the go then that's your prerogative. You can use your free hand to cover the side of your smartphone that's been compromised.
If it's a laptop, hold an object up at the side of the screen, such as the case, or a book, or your bag and block off the vantage point. During the winter months, a big coat can come in handy.
Sit out of view
When working remotely in a coffee shop or a public place its best practice to find a seat against a wall to keep all those prying eyes in front of you and over the other side of your laptop screen. For an extra top tip, make sure the wall isn't all glass or mirrored and, if sitting outside, try to sit against a wall and away from crowds.
Remote workforce security report
Key challenges, security threats, and investment priorities of organisations during the pandemicDownload now
This is not much help when commuting, although the back of the bus will also work if you want to hide what you're Googling.
Work from home
If you've got dodgy Wi-Fi at home and have to work in a public place, then shoulder surfing is an occupational hazard. However, if you have a great home connection – use it. The best way to stop people snooping on your company's business is to keep it private, stay home, or actually go to the office – if possible.
Moreover, if you're searching through social media in public and worry that people are snooping, you can always just switch it off and put your device away. Take the opportunity to be social in real life rather than online, or perhaps read a book on your commute instead.
Unlocking collaboration: Making software work better together
How to improve collaboration and agility with the right techDownload now
Four steps to field service excellence
How to thrive in the experience economyDownload now
Six things a developer should know about Postgres
Why enterprises are choosing PostgreSQLDownload now
The path to CX excellence for B2B services
The four stages to thrive in the experience economyDownload now