What is shoulder surfing?

This social engineering technique can pose a major security risk, so here's how to best protect against it

With outdoor hospitality venues set to reopen in mid-to-late April, who would say no to taking advantage of the spring sun and working from a café or pub garden? Especially since most offices across the UK are to remain closed until later this year and, after a few months of lockdown, many could be feeling rather starved of any kind of social interaction.

However, before you head to your local pub, work laptop in hand, you should first consider some basic safety precautions. The first thing that probably comes to mind is the physical security of your business device. After all, hospitality venues will only be allowed to host customers outdoors for the first few weeks after reopening, and although fresh air is definitely healthy, public places often invite sticky fingers, so you should always keep an eye on your device.

However, stealing sensitive data doesn’t always involve the physical act of picking up someone else’s laptop and running away with it. In fact, a simple glance over the victim’s shoulder may suffice, providing information such as login details, passwords, or PIN codes.

Shoulder surfing, as the term may suggest, is a form of social engineering used to gather information just by looking over someone’s shoulder to obtain data crucial to logging into otherwise secure systems. Criminals are able to covertly look at your screen while you work in a public space, and memorise or record what keys are being used to type in sensitive information, which can then be used to access the services your business uses.

Thankfully, there are some ways you can minimise the danger of wandering eyes and keep your shoulders surf-free.

Tilt your device

If you are using a smartphone on a train or bus and feel the unwanted gaze of someone else over your shoulder, you can simply tilt the device away. Similarly, you can lower the phone and cut off the angle.

This tactic is a little more difficult with a tablet or laptop but does still work if it's the person sitting next to you having a snoop. With a laptop, you can always tilt the screen downwards slightly, which if anything will probably signal that you want privacy.

Block their view

This is a more aggressive method, but if you're looking at sensitive work documents on the go then that's your prerogative. You can use your free hand to cover the side of your smartphone that's been compromised.

If it's a laptop, hold an object up at the side of the screen, such as the case, or a book, or your bag and block off the vantage point. During the winter months, a big coat can come in handy.

Sit out of view

When working remotely in a coffee shop or a public place, it's best practice to find a seat against a wall to keep all those prying eyes in front of you and over the other side of your laptop screen. For an extra top tip, make sure the wall isn't all glass or mirrored and, if sitting outside, try to sit against a wall and away from crowds.

This is not much help when commuting, although the back of the bus will also work if you want to hide what you're Googling.

Work from home

If you've got dodgy Wi-Fi at home and have to work in a public place, then shoulder surfing is an occupational hazard. However, if you have a great home connection – use it. The best way to stop people snooping on your company's business is to keep it private, stay home, or actually go to the office – if possible.

Moreover, if you're searching through social media in public and worry that people are snooping, you can always just switch it off and put your device away. Take the opportunity to be social in real life rather than online, or perhaps read a book on your commute instead.
