Corporate-bank relationships are built on trust, and a data breach is perhaps the fastest way to damage that trust. It’s up to treasurers and CFOs to make sure their banks are keeping their information secure.
Case in point: A study conducted by Ponemon Institute, sponsored by 3M Company and the Visual Privacy Advisory Council, found that a white-hat hacker was able to “visually hack” sensitive information 88 percent of the time.
What is visual hacking?
Visual hacking is the viewing or capturing of private, confidential or sensitive information for unauthorized use. Within a financial institution, this could involve someone taking a picture of a customer’s account information displayed on a screen or network login information taped to a monitor. It could also involve someone visually recording sensitive documents left in open view on a desk or on a printer tray.
These examples may have sounded absurd 10 years ago, but today’s technology advances make them entirely feasible. Nearly everyone now has a smartphone with a camera. The question is no longer, “Is visual hacking a threat?” but rather, “How do we prevent it?”
For CFOs and corporate treasurers, this requires vigilance that extends beyond their own company’s data security and privacy policies. It must also cover any organization they work with that has access to their confidential employee and financial information. This extended responsibility almost always encompasses banks and other financial institutions that handle a company’s payroll, loans, cash reserves and other sensitive data.
What should CFOs do to ensure their company’s private information is protected by their partnering financial institution? Make sure your bank is thinking beyond cybersecurity by asking them the following questions about administrative security risks:
- Do you regularly look for opportunities where sensitive information could be viewed, such as at employee workstations, at teller desks and through office windows? This assessment should also include mobile devices that employees use to access network or customer information outside the bank.
- Do you encourage a clean-desk policy to keep documents containing sensitive information out of view when they’re not being used?
- Are your computers password-protected and turned off when employees step away from their desks?
- Are computer monitors turned away from the public?
- Do you conduct random desk checks to ensure employees are following the security policies?
- Do your technology safeguards include privacy screens that are easily fitted to each computer and mobile device to blacken the screen when it is viewed from an angle?
- Do your printers require employees to enter a code to complete their print jobs, and do you place shredders next to printers to help ensure employees use them?
By sharing a commitment to data privacy with their banking institution, CFOs and corporate treasurers can prevent visual hacking, an essential step in protecting the bottom line and ensuring that profits don’t turn into liabilities.
Patricia Titus is CISO, Markel Corporation, on behalf of the Visual Privacy Advisory Council.