Businesses of all shapes and sizes have to do all they can to protect themselves against cyber attacks these days, particularly in light of the recent GDPR regulations making hefty financial penalties a reality if a breach does occur.
So it may well be worth noting new research from Southern Methodist University in Texas, revealing that it may well be possible for hackers to gain access to information by using a nearby smartphone to intercept the sounds of typing.
It was discovered that soundwaves produced as we type on our computers can be picked up by smartphones, sounds that can then be processed for hackers to work out which keys were being struck.
Co-author of the study Mitch Thornton, professor of electrical and computer engineering, and director of the Darwin Deason Institute for Cybersecurity, said that based on these findings smartphone manufacturers will have to review their processes and enhance the privacy levels involved.
Eric Larsen, fellow author and assistant professor in the Lyle School’s Department of Computer Science, explained that smartphones have a wide range of sensors that allow it to know its orientation, capable of detecting when it’s sat still on a table or in someone’s pocket.
Some sensors require the user to give permission to turn them on, but many of them are always turned on. We used sensors that are always turned on, so all we had to do was develop a new app that processed the sensor output to predict the key that was pressed by a typist.”
It’s perhaps not quite as simple as that, however, and Mr Larson went on to say that hackers would have to know the material of the table, as this affected the sound waves when typing. They would also need to know if there were multiple phones left on the table, as well as how to sample from them.
While it sounds like it sounds quite difficult for hackers to access your information in this way, it still might be a good idea to prioritise insider threat awareness training at the moment.
Insider threats will typically involve employees or contractors already involved with your company, with specific knowledge about your organisation that anyone on the outside wouldn’t have access to.
Disgruntled members of staff and anyone handed their notice could easily become a malicious insider if you’re not careful, so it’s important to tread with care and make sure you know what warning signs to look out for. Make sure that when employees leave the company, you close down all access and request anything sensitive to be returned before they go.
But it’s also important to remember that some insider threats won’t be malicious and could be accidental, such as sensitive information on a USB stick being left somewhere like a public bathroom by mistake. Either way could prove costly to your business so you need to take all the precautions you can.
Get in touch with us today to discuss re-screens and the general screening options that we can offer.
Only trust an outsourced screening provider who operates to the highest standards; ISO27001, 9001 and with BS10012 (Personal Information Management Systems). Talk to Agenda Screening for a screening service you can trust.