
What is shoulder surfing?

This social engineering technique can pose a major security risk, so here's how to best protect against it


There’s no doubt that, at least once in the past, you will have thought twice about your surroundings when sending a sensitive text message, using a certain app, or visiting a certain website while out in public. It’s only natural. What you might not realise is that the watchful eye you feel on your screen in your most paranoid, self-aware state may actually be a genuine cyber security threat to consider, especially when you’re the gatekeeper of a business’ sensitive information.

True, it would take some seriously sharp vision to spot and remember a set of log-in credentials anywhere out in public, but the threat is most certainly not zero. Just because you couldn’t do it doesn’t mean a seasoned cyber criminal isn’t able to, and the risk of a fine for leaking data under GDPR means corporate workers can never be too careful.

Shoulder surfing is an intuitively named cyber security threat that involves criminals peering over one’s shoulder to glean any login credentials, or any other kind of useful or sensitive data, they may be able to make use of. There are a number of easy-to-deploy tactics that can go a long way to keeping your clients’ data safe, and your data practices compliant.

How can you best protect against shoulder surfing?

Tilt your device: If you are using a smartphone on a train or bus and feel the unwanted gaze of someone else over your shoulder, you can simply tilt the device away. Similarly, you can lower the phone and cut off the angle.

This tactic is a little more difficult with a tablet or laptop but does still work if it's the person sitting next to you having a snoop. With a laptop, you can always tilt the screen downwards slightly, which if anything will probably signal that you want privacy.

Block their view: This is a more aggressive method, but if you're looking at sensitive work documents on the go then that's your prerogative. You can use your free hand to cover the side of your smartphone that's been compromised.

If it's a laptop, hold an object up at the side of the screen, such as the case, a book, or your bag, to block off the vantage point. During the winter months, a big coat can come in handy.

Sit out of view: When working remotely in a coffee shop or a public place, it's best practice to find a seat against a wall to keep all those prying eyes in front of you and over the other side of your laptop screen. For an extra top tip, make sure the wall isn't all glass or mirrored and, if sitting outside, try to sit against a wall and away from crowds.

This is not much help when commuting, although the back of the bus will also work if you want to hide what you're Googling.


Work from home: If you've got dodgy Wi-Fi at home and have to work in a public place, then shoulder surfing is an occupational hazard. However, if you have a great home connection - use it. The best way to stop people snooping on your company's business is to keep it private, stay home, or actually go to the office - if possible.

Moreover, if you're searching through social media in public and worry that people are snooping, you can always just switch it off and put your device away. Take the opportunity to be social in real life rather than online, or perhaps read a book on your commute instead.

Invest in a privacy display: There are a number of business-focused devices on the market that keep shoulder surfing in mind when it comes to the design phase of development. HP is a champion of the technology with its Sure View displays that are designed to be viewable only at very specific, head-on angles. Any peering eyes from the side are usually met with a well-blurred display - a tactic that can help keep client data safe from those in adjacent aisles on an aeroplane, for example.

HP is far from the only brand in the laptop market shipping with built-in privacy screens, and even if your device doesn’t have one, third-party manufacturers are easy to find. You can pick up a removable privacy screen for your own device for very little money if you’re planning on working outdoors frequently.
