Low-Tech Hacking Works, Too

    Mar 24, 2015

    3M and Ponemon Institute recently partnered to send an undercover person into 43 offices at seven large corporations to determine how easy it is to steal sensitive or confidential information using only visual means. The result: in 88% of the trials, the hackers were able to access sensitive information.

    The experiment further demonstrated that:

    • “Visual hacking” happens quickly. In 63% of the trials, the hackers obtained high-level, sensitive corporate information in less than 30 minutes.
    • Multiple pieces of information can be hacked. The hacker(s) saw up to five pieces of private information per trial, including corporate financials and confidential employee and customer information. That means companies are likely to be hit simultaneously from multiple directions.
    • Visual hacking goes unnoticed. The hackers were stopped in only 30% of their attempts, but even then had already obtained an average of 2.8 pieces of confidential customer information.

    Protecting your organization’s sensitive information is up to you. Here are some suggestions about where to start:

    • Assess the risk your organization’s office environment could be posing to sensitive information. Visual hacking is pervasive and occurs in all industry sectors and at all levels of an organization.
    • Institute a visual privacy policy that outlines specific actions, procedures, and best practices to prevent the display of important data in plain sight.
    • Train employees to become more aware of what information might be desirable to visual hackers. This training should be an integral part of the organization’s security and privacy strategy.
    • Help senior management become more aware of the risk and ramifications of visual hacking, as well as of the need for additional resources to prevent it.
    • Assess whether employees and contractors have too much access to sensitive and confidential information in their workspaces and offsite locations.

    Two pamphlets in ARMA International’s Records@Work series are available for organizations to use to train employees about this topic. Click on the links below to see a PDF of each pamphlet or to order:

    • What Information Do I Need to Keep Secure? (Pamphlet)
    • What Information Is Private? (Pamphlet)

    © 2017, ARMA International