How Data Rooms Protect from Camera Based Attacks
Date: 20 February 2018 Share on Twitter Share on Facebook
Two decades ago Facebook and Uber didn’t exist, the internet was slow and businesses throughout the world relied on physical data rooms to share sensitive company documents with prospective partners.
We’ve come a long way since then.
Facebook and Uber form part of our daily lives, the internet is quick (mostly), yet many companies still make use of physical rooms to share data. You might be asking why they don’t use email or some other file sharing service which uses the internet and the answers lies in security.
While most, if not all, companies do make use of email to ensure the daily running of their business units, the platform simply does not offer the level of security needed for the transmission of sensitive company data. Even highly secured email servers can be targeted or breached through the negligence of users, as was seen in the run-up to the 2016 presidential election in the US.
Another issue of traditional file sharing platforms that also tends to be overlooked is their susceptibility to camera based attacks. While the name is quite alarming, camera based attacks refer to the use of cameras to capture sensitive information on documents, which is often distributed or sold due to its sensitivity. An example would be a student who takes a picture of a test paper in an exam so that he can send it to other pupils who may be writing the exam at a later stage. In this case, the obvious solution would be to prevent cameras or phones from entering the exam hall, but in the real world, preventing camera based attacks is harder than it might seem.
Typically, when you send a document to someone via email, you intend that only they view the document and that they do not share it with others or the public at large. Unfortunately, this relies almost completely on trust as there is no physical or digital way to prevent someone from forwarding the email or printing it out and distributing it. Often you may not even know that such a breach has occurred and it can be impossible to trace, especially when the documents have been distributed physically.
To combat this issue and to allow for a heightened level of security when sharing documents, virtual data rooms (VDR) employ a host of features designed at both preventing unsolicited viewing and tracing potential culprits.
On a basic level, VDR use access controls and permission to determine what the recipient of a document may do with it. As the owner of the document, you could restrict recipient from viewing certain pages, printing certain pages or even being able to download the document. Coupled with a single-access password or ‘key’, this can ensure that only the intended recipient can view the data and that he/she cannot physically or digitally distribute it.
Camera-based attacks try to circumvent this restriction by using a camera or the screenshot function on a laptop to create a duplicate digital image copy of the document in question. These images can then be distributed and can contribute to further unsolicited viewing.
Fortunately for business, virtual data rooms have features such as fence view and digital watermarking, which aim at both preventing and disincentivizing data breaches. Fence view is a preventative measure that obscures the majority of the document so that it is unreadable but leaves a small window, which can be moved by the solicited reader as they progress through the document. While this cannot prevent a camera based attack in its entirety, it does make it much more of an inconvenience to potential attackers.
Digital or dynamic watermarking is a feature of virtual data rooms that involves certain information being automatically embedded into each and every page and document viewed or downloaded from the data rooms. The information contains personal details such as the name of the viewer, IP address and location so that in the event of a breach, the source can be easily identified. Being able to identify breaches (both intentional and unintentional) is perhaps the strongest security measure against camera based attacks as it leaves the person liable to potential prosecution or fines.
Along with additional features such as document expiry, these security tools used by virtual data rooms aim to keep information secure and safe from unwanted eyes through preventative and incentive measures.