A recent experiment by showed that hacking techniquesÌýgo beyond the typicalÌýdigital realm. Visual hacking is one method that is easier than brute-forcing passwords or exploiting vulnerabilities. Visual hacking is straightforward to understand; it relies on visually observing and remembering information found on computer screens, phone screens, on desks, sticky notes, paper, etc. This technique is so easy an used it to gain access to his school’s network. The 8th graderÌýchanged the image on his teacher’s desktop. His prank was pretty harmless, but was unnerving for the teacher.ÌýIf theÌýsame technique wereÌýin anÌýoffice setting, itÌýcould result in a data leak.
Ponemon Institute tested 8 companies to determine how well they stood against a visual hack.
Visual hacking researchers were given three visual hacking tasks to complete. In the first task researchers walked through an office gathering any sensitive information available on desks, computer screens, and other easy-to-access locations. In the second task, researchers conspicuously attempted to grab documents labeled as confidential and tried to put them in a briefcase. In the third task researchers used their phones to take pictures of computer screens in full view of office workers.
Educate employees on what visual hacking is. Employees should not keep login credentials, sensitive documents, or other sensitive information visible on desks, walls, or anywhere it is clearly visible. They can also help by knowing who’s who in the company (this may be more difficult in larger companies). Once they learn the faces of their co-workers, they’ll recognize anybody out of place and they can then take appropriate actions.
The Ponemon study shows that offices are prime locations for visual hacking. Current office layouts have moved away from individual cubiclesÌýto large open areas, where employees can more easily interact. This makes for a dynamic work environment, but it also makes things easier for someone wanting to harvest information while walking through the office.ÌýIt is in your best interest toÌýinstall card access locks on doors or office areas that not all employees need access to. It may also be a good idea to consider a surveillance camera system.
This Ponemon Institute study gained valuable insight about visual hacking, a topic that many experts don't think about in their day-to-day work. Educating employees about the risks and designing your office to ward off this type of intrusion is important for your organization's security.