Privacy Filters SHALL be applied to all workstations processing and/or storing confidential and/or restricted data and to all workstations located in publicly accessible areas and SHOULD be applied to laptop computers utilized in telework environments.
Control Type: Physical
Control Function: Preventive
If sensitive business data is being accessed in areas exposed to the public, the screen displaying that data must be obscured from view by anyone except the immediate user. Privacy filters are a common physical security control used to achieve this. Staff who should be issued privacy filters include receptionists in public-facing areas and remote employees using laptops while traveling. Limiting the viewing angle of screens helps mitigate the risk of shoulder surfing attacks.
Privacy filters are thin, tinted sheets that attach to computer monitors, preventing passersby from seeing screen contents. Only the user sitting directly in front of the monitor can view the display. In addition to protecting sensitive information, privacy filters can provide other benefits, such as reducing blue light exposure.
Filters are available from a variety of vendors and vary in quality. Before purchasing, businesses should ensure the control is reviewed and approved by senior management and that the correct filter size and format are selected. It is also recommended to keep extra filters on hand for replacements or new devices introduced into the environment.
