Government workers unprotected against visual data leakage
Oculis Labs released results from its “Government Worker Privacy” survey on privacy risks for mobile workers. 104 people were randomly surveyed at this year’s FOSE conference and exposition in Washington D.C., and of those surveyed, 62 percent are concerned about others looking at their displays while 63 percent admit to having looked at other people’s displays.
While it is no surprise that almost everyone (98 percent) claims that privacy is important to them, an astonishing 82 percent of government employees have no security system for protecting their computer screens.
The survey found that 69 percent of respondents use their computers in public places to view sensitive information. In fact, most respondents indicated they work with multiple types of sensitive information.
Fifty-seven percent stated that they work with financial/credit card data; 18 percent work with For Official Use Only (FOUO) information (this is primarily used by the United States Department of Defense as a handling instruction for Controlled Unclassified Information); 18 percent work with human resources data and 19 percent work with classified information.
While protecting data on computers is top of mind for everyone, most organizations are focused on conventional security technologies such as anti-virus software, personal firewalls and spam filters. The WikiLeaks episode clearly revealed one crucial fact – the government did not have adequate protections on sensitive data, and the status quo of traditional security tools and official policy could not stop a breach.
Besides tightening up controls on removable media, WikiLeaks underscores the need for the government to start looking at a system the way an attacker does – by looking for the weakest links. The majority of breaches are made through social engineering attacks that start with simple observation. Adversaries, especially insiders, start by observing computer screens surreptitiously to launch their attacks.
While most expect the government to operate in a much “safer” working environment, Oculis Labs found that both government and commercial organizations are about equal when it comes to data loss vulnerability.