Shoulder surfing sounds a bit odd. Funny almost. But unfortunately for us all, it’s not a joke. Shoulder surfing is a form of visual hacking, where a malicious individual secretly observes the activities of someone else on their computer, mobile phone or other electronic device.
With just a quick glance over someone’s shoulder, attackers can gain access to confidential data and sensitive information, potentially giving them the change to log into your accounts independently later on.
This type of attack is becoming increasingly popular amongst cybercriminals, and it poses significant risks to both individuals and organisations as it can come from anyone, and whenever you are actively using your device, you could be at risk.
To protect your employees from shoulder surfing, here are some tips that you should consider:
Train your employees on safe device usage
The first line of defence against shoulder surfing is employee education. Your employees must be trained on safe computing practices, specifically the importance of not using a work device for confidential activities in a public place, like a coffee shop or on the train.
Employees should also be made aware of the importance of password strength, multi-factor authentication, and biometric authentication features to secure their electronic devices.
Implement physical security measures
Physical security measures are a great way to help prevent shoulder surfing attacks in the workplace. Examples of physical security measures include using privacy screens on computer monitors so only someone sat directly in front of the device can see what’s on the screen; securing computer systems with locks, and implementing security cameras in the office.
You can also modify the office layout to eliminate high traffic areas or places where unauthorized personnel can easily see computer screens. For example, never seat the finance department in a high traffic area and try to use dividers between desks to provide another layer of protection from prying eyes.
Multi-factor authentication (MFA) is an effective way of preventing shoulder surfing attacks as it limits who can log on and view certain information. MFA requires the use of two or more authentication factors to access an electronic device or system. This can include something users know (such as a password or PIN), something they have in their possession (such as a security token or mobile device), or something biometric (such as facial recognition or fingerprint).
Encrypt sensitive data
Encryption is another effective technique for protecting sensitive information from shoulder surfing attacks. Encryption can secure data both while it is stored on computer systems and while it is in transit. Encrypted data is protected from attackers who manage to gain access to it unlawfully.
Use strong cybersecurity practices
In addition to taking the above measures to protect employees from shoulder surfing, it is important to implement strong cybersecurity practices such as keeping software and operating systems updated, disabling USB ports if not needed, using complex passwords or passphrases, and avoiding the use of predictable passwords such as dates or sequential numbers.
How Boxphish can help
If you think your employees could be at risk of shoulder surfing attacks, or under threat to similar cyber attacks due to lack of awareness and a lack of training around how to protect themselves, then look no further. Boxphish can help.
At Boxphish, we offer cyber awareness training and phishing simulations designed to educate our users on what to watch out for, and help them become the first line of defence against cybercrime. Book a demo with us to find out more.