The Simple Things Part Three – Screen Privacy Filters

Continuing on the theme of Bring Your Own Security (BYOS), the use of a screen privacy filter makes a huge difference in someone’s ability to work in public spaces privately.

There are many different manufacturers of these filters, although the best known (and possibly the inventor?) of them is 3M. Basically they use a “micro louvre” system to ensure that when placed onto the screen the image can only be viewed from directly in front. Someone sat next to you cannot see the screen at all, just a black image. The louvres work in a similar way to venetian blinds but in a vertical arrangement; when they are open you can see through them but the moment you move to one side the blind slat itself blocks the way. The principle is the same in the filter – vertical slats that allow enough light out to see the image but block the view from the side.

As a technology they are very simple, albeit expensive – you can expect to pay upwards of £50/$70USD for a 3M one. That seems rather expensive, so what are the real world benefits?

Most people nowadays will travel for over an hour to their place of work, and with the increasing number of people using a laptop as their primary computer, that travel time can be more effectively utilised by working. Being able to do so without fear of someone viewing the strategy or bid document you are working on gives great peace of mind. Without wishing to countenance the transport of sensitive/confidential documents in the open, it does provide an extra level of protection in addition to encryption etc.

Social engineering is also significantly reduced. Someone wishing to engage in a conversation with you to get hold of information has ready access to your screen for topics, interests, even personal details (from your wallpaper?) and has a “hook” to start that conversation. By blocking that view, they have to work much harder for those personal details.

There are downsides to using a screen filter though:

Risk homeostasis, i.e. you begin to think nobody can see your screen, and so let your guard down elsewhere. Bearing in mind that you can only view the screen from directly in front of you, that means that the person peering from between the seats directly behind you can also see the screen.

You are also highlighting the fact that you have something worth looking at! I have experienced interested stares from people in a restaurant in Washington D.C. (where I thought security techniques such as a screen filter would be de rigueur) as they saw the lovely golden sheen on my new 3M filter; it was gold as it allegedly helped increase the clarity and privacy at the same time. I certainly drew attention to myself!

Of course the Pros far outweigh the Cons, and so for me the inclusion of a screen filter into my BYOS arsenal is certainly one of the most important pieces of kit to have.

As an aside, filters are also available for phones and tablets. I have one on my iPhone and it is very effective when holding the phone in portrait. If I need to show someone something on my phone I simply rotate it to landscape, and people either side of me can see the screen fully.


The Simple Things Part Two – Encryption

I have often said that encryption is like the anti-virus of twenty years ago, just without Doctor Solomon’s socks (that comment in and of itself shows my age and when I first started in IT!). What I mean by that is twenty years ago when viruses first started to appear in their hundreds, anti-virus products started to appear in earnest. Not everyone bought or licensed an anti-virus package because they were expensive and the threat was also somewhat small. When it was licensed in the enterprise it was normally a low cost “detection” package that was rolled out onto the desktop with only a few of the expensive “removal packages” in the IT department to carry out the actual disinfection. Home use of anti-virus was virtually unheard of.

Roll forward nearly two decades and anti-virus is everywhere. It is on your computer when you first buy it, it is on every corporate machine (even the OSX environments) and there are even free versions. Everyone, everywhere has an anti-virus package, and only the most foolhardy or ignorant won’t have one installed (although it won’t take long before a trashed disk from a virus or malware will persuade them!).

This is not unlike the case today with encryption. I have come across many small to medium sized organisations that do not have any kind of encryption on any portable device, let alone their laptops, and home use is virtually non-existent amongst my friends and colleagues (my peers in the info sec industry are obviously a little more ahead of the game!). I do believe we are in the middle of a sea change however, but it is a slow, organic change similar to the anti-virus evolution.

I know there are many “encryption” companies out there that do a basic full disk encryption (FDE) package, but off the top of my head I can only name four:

  1. Symantec (PGP)
  2. TrueCrypt (Open Source)
  3. BitLocker (Microsoft)
  4. FileVault (Apple)

For the average user, and indeed many businesses, that is not a huge choice. Even for companies that have Windows 7 and Lion installed, the encryption element itself is not automatically turned on, and with Apple there isn’t even any kind of centralised key management (unless, of course, you wish to trust Apple with the keys to your kingdom).

For me, it is simple; encryption must be a part of the full IT procurement cycle. It needs to be budgeted for in the lifecycle of any computer purchase, and in the case of the enterprise, key management needs to be as normal and as natural as Active Directory management. (That same rigour then needs to be applied to removable media as well). Education in the proper use of it is essential (when a laptop is running or suspended it is effectively unencrypted, when it is switched off it is encrypted), and the inclusion of desktops is essential. After all, hard disks get stolen or sent to the disposal company accidentally without being wiped…

Home use also needs to be targeted – only when encryption capabilities are as ubiquitous as anti-virus will a change occur in the way we use computers at home, in schools and at work, because users will demand it. The theft of computers from homes opens up all kinds of issues regarding credit card, password and identity theft.

As with all of the things in this list, encryption is not a panacea, but it is an important tool that needs to become as natural to use as a knife and fork, or perhaps more appropriately, as acceptable as anti-virus. What price must be paid in lost data before encryption becomes the rule, rather than the exception?