Executive Summary: Following a troubling incident of sensitive data that was inadvertently exposed by an employee to a client of the company, a Global Management Consulting Firm took steps to reduce the risk of visual hacking by employing the use of privacy filters for certain members of the workforce and including visual privacy as a topic in privacy training.
Organization Overview: One of the largest consulting firms with offices in more than 100 countries and 60,000+ employees. The firm provides a range of services for its corporate clients including litigation support, valuation advisory services and benefits, and compensation consulting.
Business Case: Many of the consultants travel or work from clients’ offices regularly, enhancing awareness of the need for visual privacy and the protection against visual hacking. Since consultants need to have access to sensitive and confidential information in a number of diverse client focuses, proprietary data accessed includes:
• Client account information
• Advisory memos
• Attorney-client privileged documents
• Tax records and IDs
• Confidential consulting reports and presentations
When asked how visual privacy became an issue for the company, the corporate counsel described a recent troubling incident that had the potential to do great harm to the image and integrity of the firm. According to the corporate counsel, a partner was on a plane traveling to a client. He was preparing depositions for a major litigation. On the computer screen in clear text were attorney-client privileged documents. One of the firm’s clients just happened to be seated next to the partner. They started to talk and he could not believe that he was able to see and read these documents. Although the information on the screen had nothing to do with his company, he was concerned that this might be a common and bad practice. The client contacted the firm’s legal department and filed a complaint.
The Benefits: According to the company’s general counsel:
"I do believe the [privacy] filters can minimize the risk of data theft. It is important for the image and integrity of the firm. There is growing awareness among the consultants about the social engineering risk that occurs during travel. Many were not aware that potentially a cyber criminal whose sole purpose is to obtain credentials and personal information could be in the next seat.”
3M is a trademark of 3M Company. ©2015, 3M. All rights reserved.