Security of information in public areas – how do I protect myself against “shoulder surfing”?

Whether you‘re working from home or in public areas, the security risk of in-house information being accessed is significantly increased when you are outside your own company. We often feel too “safe”, particularly when we are working from home, on the train or in a café, and this makes it easier for cyber criminals to “shoulder surfing” – to look over your shoulder unnoticed or to intercept secret information over an unsecured Wi-Fi network. You can find out how to protect yourself from external access in the following blog article.

Shoulder surfing – an undetected glance over the shoulder

The utmost caution is called for when dealing with sensitive information, whether you are working from home, in a meeting or having a phone conversation with customers or business partners in a café, bar, restaurant or hotel. By making careless remarks or working in busy places, there is a risk that internal company information could be overheard or seen. Strangers or competitors might pick up information and misuse it to their advantage. When people look over your shoulder without you noticing or they read information without being noticed, this is referred to as “shoulder surfing”, but the use of unprotected Wi-Fi networks also poses a security risk. Airports also constitute a high security risk for the security of information. There is a risk that when checking in, conversations can be overheard, internal information can be viewed or luggage can be stolen (or left behind). The same applies at railway stations and when using public transport.

Tips for improving information security

The following tips will help you to improve information security and prevent any damage to your company:

• Confidential discussions should not be held in public, as other people can overhear them. Behave discreetly even when you are working from home, and do not let strangers draw you into conversation about your work.
• You should not be working on highly confidential data in a public place. For more general work, choose a secluded seat protected from view and use privacy film on your IT equipment.
• Avoid using public Wi-Fi networks. Browsing via unsecured internet connections can lead to a security breach. A VPN connection provides secure access to the company network. However, never pass on the authentication details. If an unauthorised person gains access to the company's VPN, they can access the entire internal system.
• Never leave any company documents, tablets, laptops or smartphones unattended, whether at home, at the airport or on a plane, in a hotel room or on a train.
• Lock your computer when you leave the place where you are working – this applies not only in the office, but also at home.
• Always keep all sensitive documents and devices with you or lock them away, for example in a hotel safe.
• Whether you are working from home or on the road, keep up a clear desk policy. If IT equipment is lost or stolen, it is important to immediately report the incident to the company.
• Ensure that the software on your IT devices is always up to date, and carry out regular updates. Where possible, encrypt all of your mobile devices' sensitive data and protect them with a PIN or a password.

To provide you with better support when working from home, our cyber security experts have created a checklist for “secure” home working. In it, you will find 44 quick-to-implement requirements for the IT department, employees and management. Download it now, free of charge!

Security awareness for employees

Staff members are key factors for information security in your company. E-SEC's e-learning courses are an exciting way to raise awareness about information security for your employees. Take a look at the following video about information security when you are travelling to get an idea of what it's like. You will find the complete selection of e-learning standard courses here.

Benefit now from the new flat-rate

We are now offering a flat-rate fee for all our standard e-learning courses. This gives you access to all standard courses and not just one, as has been the case up to now with the individual billing model.

From as little as 10 Swiss Francs per user per year*, you can take advantage of our flat-rate and access all our standard e-learning courses. The courses are available in both German and English, and can be used online or as SCORM files (for use in your own LMS). Of course, the courses can also be adapted to suit your specific circumstances.

With our e-learning courses, you reinforce security awareness and assist your employees with protecting the company's valuable information and data. So don't give cyber criminals a chance!

* Example calculated for 1000 users