Everywhere you look in todays media, both in the infosec industry and mainstream media, there is yet another case of X thousands of records being lost on a memory stick by one organisation or another, and the trend seems to be getting worse. This is either because people are getting more careless (possibly) or the media is getting better at reporting it (probably). Either way, the brand and reputational damage alone is significant to any company, no matter its size.
There are two elements to this that are worth exploring:
Firstly, the prevalence of USB sticks is a part of the problem, they have become a simple commodity. They are on sale in newsagents, supermarkets and petrol stations, and are in peoples pockets, on their key rings and in hand bags. As a result it has become very natural to share files, photographs and anything else using them, and that familiarity has drifted into the workplace, especially when they are handed out at trade shows and demanded from IT departments. The problem is that they are not even basically secured, and that has become acceptable to the average person in the street.
Secondly, the media has found the “loss” of data a rich source of column inches to help sell their newspapers. The ironic part however is that in many cases when you read the back half of the story away from the headline, it transpires that the memory stick was in fact encrypted and would take the collective might of at least North Korea five years to break into.
So we have a dichotomy; a prevalence of unencrypted memory sticks in the marketplace, and the tendency therefore to assume that all memory sticks are insecure and report them as such.
The solution in a BYOS environment is simple – only buy encrypted memory sticks! It only needs to be a one time investment (my personal preference is the IronKey), and relegate all of your old memory sticks to the bin (or your favourite computer recycling facility of course). If cost is an issue (and they are more expensive, then use something like TrueCrypt (www.truecrypt.org) to encrypt your existing sticks and an be sure to keep using it. trueCrypt even has a portable mode that allows the executable to reside on a smaller unencrypted partition of the drive allowing it to be used on other systems.
By making a habit of only using encrypted portable media we all move one step closer to the concept of BYOS.
There are many different manufacturers of these filters although the best known (and possible inventor?) of them is 3M. Basically they use a “micro louvre” system to ensure that when placed onto the screen the image can only be viewed from directly in front. Someone sat next to you can not see the screen at all, just a black image. The louvres work in a similar way to venetian blinds but in a vertical arrangement; when they are open you can see through them but the moment you move to one side the blind slat itself blocks the way. The principle is the same in the filter – vertical slats that allow enough light out to see the image but block the view fro the side.
As a technology they are very simple, albeit expensive – you can expect to pay upwards of £50/$70USD for a 3M one. That seems rather expensive, so what are the real world benefits?
Most people nowadays will travel for over an hour to their place of work, and with the increasing number of people using a laptop as their primary computer, that travel time can be more effectively utilised by working. Being able to do so without fear of someone viewing the strategy or bid document you are working on gives great peace of mind. Without wishing to countenance the transport of sensitive/confidential documents in open, it does provide an extra level of protection in addition to encryption etc..
Social engineering is also significantly reduced. Someone wishing to engage in a conversation with you to get hold of information has ready access to your screen for topics, interests, even personal details (from your wallpaper?) and has a “hook” to start that conversation. By blocking that view, they have to work much harder for those personal details.
There are downsides to using a screen filter though;
Risk homeostasis, i.e. you begin to think nobody can see your screen, and so let your guard down elsewhere. Bearing in mind that you can only view the screen from directly in front of you, that means that the person peering from between the seats directly behind you can also see the screen.
You are also highlighting the fact that you have something worth looking at! I have experienced interested stares from people in a restaurant in Washington D.C., (where I thought security techniques such as a screen filter would be de rigour) as they saw the lovely golden sheen on my new 3M filter; it was gold as it allegedly helped increase the clarity and privacy at the same time. i certainly drew attention to myself!
Of course the Pros far outweigh the Cons, and so for me the inclusion of a screen filter into my BYOS arsenal is certainly one of the most important pieces of kit to have.
As an aside, filters are also available for phones and tablets. I have one on my iPhone and it is very effective when holding the phone in portrait. If I need to show someone something on my phone i simply rotate it to landscape, and people either side of me can see the screen fully.