The SearchInform DLP deals with the smartphone threat
16.02.2023

Most often employees use gadgets, such as flash drives or take PC screen photos with the help of smartphones to conduct a data leak. What's more, approximately 30% of data leaks are conducted with the help of smartphones.  For instance, it is a widely spread practice to take screen photos when working with a client database. Data transmission blocking can help to deal with the problem of illicit data copying to flash drive. However, the issue of taking photos of a screen with the help of a smartphone had remained a “blind spot” for a long period of time.

Nevertheless, the SearchInform DLP  system is capable of detecting cases, when users point smartphones at a PC screen. The system deals with the task with the help of neural networks.The DLP system activates camera in accordance with the timetable set or according to different parameters (for instance, in case a critical process is activated). In case the system detects that an employee has a smartphone in hands it sends a notification to an information security officer.

So, in order to detect the threat of data leak with the help of a smartphone it is required to complete four actions:

1. The first step is to configure obligatory process of taking photos via web-camera when specific processes are activated and when a user attends specific web-sites, or simply according to the timetable set. For instance, taking of photos may be activated when presentations in .PPT format are opened. The SearchInform DLP system checks photos and detects whether a user has a smartphone in hands.

2. The next step is to examine the results of checking against the policy of smartphones detection. The system gathers all the results, even if a smartphone was only allegedly detected. With the help of a specific filter it is possible to set the percent of similarity recognition. We recommend to set this parameter above 90, and the results with the highest indexes are the ones wher DLP detected a smartphone on a photo. 

3. In order to ease the work process, it is useful to automatize the recognition process and set the security policy. In order to do this choose the search among CameraController databases and set “Detection of screen capture with phone” in the list of attributes for policy setting. Activate check against the policy. Thus you will obtain all the cases, when the DLP solution revealed that a user had an item, similar to a smartphone in hands.

4.  After users, who took photos of PC screen via smartphone are identified, it is required to reveal what exactly was photographed.
In order to do it we need to compare the time of the snapshot and the onscreen content at that time. The data may be obtained in the MonitorController: it is required to choose the photographed PC and time, when the photo was taken. For instance, let us imagine that a manager has just taken a photo via his smartphone. We can see, that the client database was opened at that moment. 

The main drawback of this method is that screenshots should be taken as frequent as photos via the web-camera. In other case it will not be possible to state authentically what exactly was depicted on the employee’s PC screen at some specific moment.

In case the incident somehow happened and the image leaked, watermarks help information security officers to detect the culprit of the incident. Watermarks enable to detect the source of the data leak and investigate the incident. 

If you wish to test the smartphone detection function, follow the link.
 

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.