
What is shoulder surfing?

This social engineering technique can pose a major security risk, so here's how to best protect against it


You have no doubt thought twice about your surroundings at least once when sending a sensitive text message, using a certain app, or visiting a certain website out in public. It’s only natural. What you might not realise is that the watchful eye you sense on your screen in your most paranoid, self-aware state may actually be a genuine cyber security threat to consider, especially when you’re the gatekeeper of a business’ sensitive information.

True, it would take some seriously sharp vision to spot and remember a set of log-in credentials anywhere out in public, but the threat is most certainly not zero. Just because you couldn’t do it doesn’t mean a seasoned cyber criminal isn’t able to, and the risk of a fine for leaking data under GDPR means corporate workers can never be too careful.

Shoulder surfing is an intuitively named cyber security threat that involves criminals peering over one’s shoulder to glean any login credentials, or any other kind of useful or sensitive data, they may be able to make use of. There are a number of easy-to-deploy tactics that can go a long way to keeping your clients’ data safe, and your data practices compliant.

How can you best protect against shoulder surfing?

Tilt your device: If you are using a smartphone on a train or bus and feel the unwanted gaze of someone else over your shoulder, you can simply tilt the device away. Similarly, you can lower the phone and cut off the angle.

This tactic is a little more difficult with a tablet or laptop but does still work if it's the person sitting next to you having a snoop. With a laptop, you can always tilt the screen downwards slightly, which if anything will probably signal that you want privacy.

Block their view: This is a more aggressive method, but if you're looking at sensitive work documents on the go then that's your prerogative. You can use your free hand to cover the side of your smartphone that's been compromised.

If it's a laptop, hold an object up at the side of the screen, such as the case, a book, or your bag, to block off the vantage point. During the winter months, a big coat can come in handy.

Sit out of view: When working remotely in a coffee shop or a public place, it's best practice to find a seat against a wall to keep all those prying eyes in front of you and over the other side of your laptop screen. For an extra top tip, make sure the wall isn't all glass or mirrored and, if sitting outside, try to sit against a wall and away from crowds.

This is not much help when commuting, although the back of the bus will also work if you want to hide what you're Googling.


Work from home: If you've got dodgy Wi-Fi at home and have to work in a public place, then shoulder surfing is an occupational hazard. However, if you have a great home connection - use it. The best way to stop people snooping on your company's business is to keep it private, stay home, or actually go to the office - if possible.

Moreover, if you're searching through social media in public and worry that people are snooping, you can always just switch it off and put your device away. Take the opportunity to be social in real life rather than online, or perhaps read a book on your commute instead.

Invest in a privacy display: There are a number of business-focused devices on the market that keep shoulder surfing in mind when it comes to the design phase of development. HP is a champion of the technology with its Sure View displays that are designed to be viewable only at very specific, head-on angles. Any peering eyes from the side are usually met with a well-blurred display - a tactic that can help keep client data safe from those in adjacent aisles on an aeroplane, for example.

HP is far from the only brand in the laptop market shipping with built-in privacy screens, and even if your device doesn’t have one, third-party manufacturers are easy to find. You can pick up a removable privacy screen for your own device for very little money if you’re planning on working outdoors frequently.
