CCTV: Are they Capturing your Information?

ISO 27013
ISO 27013

Cameras are everywhere these days, in the street, on private property, in the workplace, on door bells and on the back of cars. If you are reading this on a smartphone there’s probably one looking at you right now.

We’ve got so used to CCTV for ‘Crime fighting and safety” purposes that they often blend in to the background, watching us as we go about our daily lives. We willingly sacrifice a lot of our privacy in order to have the benefits that technology like CCTV brings.

But could CCTV be capturing more than you think?

 

Shoulder Surfing Attacks

When scoping information security risks we often consider the threat of shoulder surfing, where unauthorised individuals gain access to information by overlooking or overhearing you while you work. This is a common risk on public transport and in coffee shops, where I’m sure we’ve all experienced someone being a little too free with their organisation’s information.

CCTV cameras could make this all the easier.  How often do you check the field of vision for any security cameras before typing in your PIN or password to access a device?

And more, how considerate are you about the content on your screen while you wait in a CCTV monitored reception or meeting room?

 

Too Many Hours of Film, Enter AI

It might be fair to say that there would be too many hours of film from the many cameras for a human to trawl through on the off-change of gleaning some confidential information.

However, that doesn’t prevent a socially engineered and targeted attack, designed to observe you entering a particular password.

And as AI becomes more prominent in daily tech, the information captured and processed automatically will become more sophisticated.  In the future attackers might not even need to know what they are looking for.

 

Be Security Aware

There’s no easy mitigation for these risks and you might think that the likelihood of it happening to you is fairly low, however basic cyber security principles can be applied to reduce the chances.

  1. Be Aware of the Environment

As always when you work away from your usual environment, remain aware of your surroundings.  

Think carefully about what information you access and try to avoid being overlooked, including by cameras.

 

 2. Look for Suspicious Activity

Official advice recommends you select a strong password and keep it unless you believe it has been compromised.

While this has many benefits, it doesn’t mitigate against an unknown password or pin compromise.

Checking the activity on your accounts regularly might help you spot a problem and if you think your credentials are compromised, change them immediately.

 

3. Use MultiFactor Authentication

Multi factor authentication is widely available now and many popular software systems and services have the ability.

Adding another login factor greatly reduces the chance of an attacker successfully accessing your account.

 

4. Use Biometrics

Initially unpopular, now fingerprint and facial recognition is common on devices.

Use of biometrics is still relatively difficult to bypass, although not impossible.

 

5. Know who operates the cameras

Cameras capturing your image should be obvious as to who operates them and  in most cases require a notice or signage explain why they are being used.

Most of us ignore these signs but if you do believe your information has been attained, it can be useful to know.

You also have a right as an individual to access your personal data (the image of yourself) and request it to be deleted unless there is a lawful reason for the camera operator to keep it.

 

Summary

Technology brings many benefits to your lives but as cameras become more prominent and AI more easily available, we need to change our working habits to mitigate new and evolving risks.

A combination of technical controls and soft policy/awareness are needed.

ISO 27001, the international standard for information security, provides a framework for managing risks and can be built on to cover many other management disciplines and regulatory compliance needs.  Contact us for more information.