• Visual Privacy Readiness Checklist

    Mesh background pattern Mesh background pattern Mesh background pattern
    • With technology enabling more employees to work in public and increased regulations on data privacy and security, it's more important than ever for organizational leaders to address the threat of visual hacking within their policies and procedures.

      To that end, the following Visual Privacy Readiness Checklist is designed to outline some steps leaders can take to raise awareness of the issues of visual hacking and visual privacy among their workforce. The goal is to prevent private, confidential and sensitive data from being displayed — and potentially visually hacked — in plain sight.

      Visual Privacy Readiness Checklist

      This Visual Privacy Readiness Checklist touches on three fundamental areas: educating your organization's workforce about the issue of visual hacking and the importance of visual privacy, creating specific policies to address these areas, and providing or suggesting solutions to prevent breaches.

      Begin Educating your Organization

      • Include educational modules on visual privacy and visual hacking in your security awareness training
      • Include visual privacy and visual hacking awareness education in your new employee orientation
      • Hold specialized visual privacy and visual hacking awareness training for senior managers and at-risk employees (see below)

      Implement Policies & Procedures

      • Identify at-risk employees using the following criteria:

        o Frequency of travel (flying, commuting on public transit, etc.)

        o Sensitivity of data managed (financial, HR, customer data, etc.)

        o Time spent working outside the office (accessing email and texts or working on sensitive documents)

        o Level within the organization (senior management can be particularly at-risk given the "trade secret" or "confidential" information they deal with)

      • Require the use of privacy filters / privacy screen protectors:

        o On all in-office devices used by at-risk employees to access sensitive internal information (HR, customer data, etc.)

        o On all devices used to access sensitive information in public areas (private patient or customer data)

        o On all devices used by employees when working outside the office

      • If necessary, ban working in high-risk, high-exposure environments (airplanes, trains, restaurants, cafés etc.)
      • Implement a "clean desk" policy requiring employees to turn off device screens and remove all papers from their desks before leaving their workspace
      • Institute security guidelines for IT applications to protect visual privacy
      • Require applications to mask high-risk data to onlookers using strategies listed below (from most secure to least secure):

        o Masking of data along with hiding data length

        o "No exposure" character-by-character masking

        o "Brief exposure" character-by-character masking (popular on mobile devices to ensure accuracy of the data typed in a password field)

        o Masking a data field only when the field is inactive

      Enable Compliance by Providing Solutions

      • Equip employees with privacy screen filters and protectors for all mobile devices (including laptops, tablets, smart phones, etc.) that can be used to access sensitive information in public
      • Equip computer monitors used to access confidential data inside the workplace with privacy filters
      • Set timeouts and screen savers on laptop/desktop displays appropriately to enhance visual security on unattended screens

      3M is a trademark of 3M Company. ©2015, 3M. All rights reserved.