Data is considered in use when it is being accessed by a user. In-use data is particularly susceptible to keylogging and shoulder-surfing attacks.
Keylogging attacks are accomplished by a hardware or software appliance that can record the keystrokes and mouse movements of a user or workstation. Using a keylogger, an attacker can access information as it is entered instead of having to overcome security protections applied to the data after it enters the system.
Shoulder surfing is when someone watches the actions of a user, either in-person or using recording equipment, to access information, such as passwords, without having to interact with the system or workstation.
The most effective countermeasures to keylogging attacks are workstation lock policies and robust anti-virus software. Additionally, configuring users in OnBase to be given only the bare minimum rights and privileges required to perform their tasks can help mitigate keylogging attacks, as the amount of information and level of access an attacker gains is minimized.
While nothing can prevent shoulder-surfing attacks, OnBase does have native protections to increase security. For example, by taking advantage of Keyword masking, configured Keyword values are displayed on-screen with masking applied (this is similar to passwords being displayed as asterisks when entered). Other best practices can also be implemented to mitigate shoulder-surfing attacks, such as never including sensitive data in autoname strings.