When we talk about information security, we usually talk about written data, databases, and data sets filled with sensitive information. We instinctively think about our private email address or phone number being shared online when the words privacy and information security are mentioned. While written, structured data is the most common type of data leaked on the internet, it is far from the only type that requires sufficient protection.
Visual information, which is the most popular form of information today, can reveal just as much sensitive details. As interesting as photos, screenshots, and even videos may be to the audience, you still have to take a more active stance in making sure that the information you share isn’t the information that needs to be protected. Adding a fake IP address to a screenshot is easier than trying to clean up the mess after hackers find out the real IP addresses of your company’s vital servers. To help you do that, we are going to take a look at the most common data leaks in visual information.
Understanding the Risks
As mentioned earlier, it is difficult to deny the appeal of visual information in today’s market. Users are more drawn to photos and videos, making them incredibly effective in conveying key messages in simple ways. In fact, product presentation, screenshots, and explainer videos are now the most popular forms of content online.
The race to produce more visual content, however, comes with a huge risk. When content is produced in a fast-paced environment, it is easy to put information security as less of a priority. There is a superficial need to share the latest photos of products or other visual information as soon as possible.
This is where mistakes occur. A screenshot tool recently made headline news because it shares the screenshots it produces and collects browsing details. It’s not just the tools either. A simple screenshot of a webpage or a conversation can reveal a lot about you and your business. Without proper checks, you risk accidentally leaking sensitive information online.
The risk is further amplified by the fact that you can’t always take back what you have posted online. Images posted online get cached almost immediately. Once they do, they can always be retrieved, even after you delete the original post. Imagine having sensitive business details becoming public knowledge; it is a risk that needs to be taken seriously.
An Image Reveals So Much
There are a lot of details that an image can reveal about your business. After all, a picture speaks a thousand words, doesn’t it? When you post an image online, the IP address used to post that image is the first data you share (un)willingly. From that IP address, a lot can be revealed about your business, including your location and the ISP you use.
EXIF data attached to images also contains a lot of information. A photo taken using a smartphone will include details about the smartphone itself, the location of the photo, camera settings used for the capture, and more. EXIF data isn’t just for photos too; every image created will have EXIF data included in the file.
There is also the risk of using the wrong tools to produce visual information. Webpage Screenshot, the aforementioned browser extension that collects user information, isn’t the only tool that uses the same practice. When you use untrusted tools to create social media posts or visual information for other channels, you risk revealing more about your business.
Of course, the visual content may include sensitive details. A photo of your desk may accidentally reveal your private email address, notes from a business meeting, and other information that should remain private. Names, locations, and other personal details get shared – by accident – all the time. If you think private details in a photo cannot be utilized, think again. Standard infosecurity practice dictates that you should always think that your competitors and bad actors are advanced enough to notice and pull these details from images.
Accidental leaks are also the kind of issue that needs to be mitigated. Internal chats, photos from office parties or retreats, and even images that reveal too much about your product design could result in a serious issue for the business and its employees. A bad photo from an office party, for example, can significantly reduce the confidence level of your customers.
Visual Information Risk Management
With the risks identified, it is time to pivot to better risk management. Identifying the risks is only the beginning. The next part of the process is adding security measures that help minimize – or even prevent – those risks from threatening your business.
Screening is usually the best way to go. All visual information shared must be screened for sensitive information. Using proxies to mask your original IP address and stripping EXIF information from images are also good practices to integrate into your business workflow.
Yes, visual information can leak a lot of sensitive details about your business. The leaks, however, can be prevented using sufficient security measures. Just because visual content is effective, it doesn’t mean you have to rush through the process of releasing it; not when information security is neglected along the way.
