A company, which bills itself as a strategic risk advisor to the financial services industry, had a meeting on September 25th between the senior advisor board and the managing directors. How do I know this? I know this because one of their staff foolishly worked on a Power Point presentation on a plane without taking precautions such as using a privacy filter.
For ethical reasons, I am not going to name the company, although the incident calls into question the internal controls and effectiveness of security awareness training. Is the organization really a risk advisor? Or, are they really a risk agent? What about your small business or organization? Are your staff risk agents which put your valuable assets and information at risk?
Along with the date of the meeting, several other information points were disclosed such as the availability of a senior director to meet with C level clients and international banks. There were also slides on several key challenges this organization faces along with possible approaches to those challenges. Lastly, a spreadsheet which showed client mappings was embedded and opened for anyone sitting behind this individual to view.
Even more entertaining, the passenger sitting next to this person also had their laptop out and although everything had to be read backwards from a reflection on the plane window, (not difficult to do), no confidential information was visible; they we only reading an eBook and listening to Fleetwood Mac Rumors.
Often, security controls do not need to be expensive or elaborate. In this case, for less than $50 for a privacy filter, it would be impossible to shoulder surf on a plane or anywhere else. Examples of available options for a few popular screen sizes are below:
Do you or your employees with laptops get work done in public? Is there confidential or sensitive data on those laptops? If so, the information is easily read and privacy filters are a wise and cost effective investment to protect the information. Are you a risk advisor or a risk agent?