A team member left their computer screen visible in a photograph.
Not visible enough to read. Not sensitive enough to constitute a breach. Just visible enough to trigger our security review process.
We spent four hours investigating and documenting a non-incident.
Some would call that overkill. I call it exactly right.
The ISO 27001 mindset
Working toward ISO 27001 certification changes how you think about security.
The standard doesn’t just require controls. It requires evidence that controls are working. That means documenting incidents, including near-misses and non-incidents, to demonstrate that the system catches things.
A visible screen in a photograph isn’t a breach. But treating it as something worth investigating means our process would catch an actual breach.
The investigation that found nothing is evidence that our investigation process works.
The 8-12 hours monthly
Security protocols consume approximately 8-12 hours of team time monthly.
Access reviews. Incident documentation. Policy updates. Security awareness discussions. Audit preparation.
This is friction. It slows down other work. It takes time that could go to client delivery.
We embrace it anyway.
Why deliberate friction matters
Friction in security processes serves two purposes.
It catches problems early. The small inconveniences (logging access, reviewing permissions, documenting anomalies) create visibility into what’s happening. Problems surface before they become breaches.
It builds culture. When security reviews are routine, security thinking becomes routine. The team notices things that would slip past if security were an afterthought. The visible screen in the photograph was noticed because we’ve trained ourselves to notice.
Frictionless security doesn’t exist. Either you have deliberate friction you control, or you have catastrophic friction when something goes wrong.
What the investigation found
The photograph in question showed part of a laptop screen in the background of an otherwise innocuous image.
The investigation confirmed:
- No client data was visible
- No sensitive information was legible
- The image was taken in a context where photography was expected
- The team member followed proper protocols for the situation
Four hours of investigation for a confirmed non-incident.
The documentation goes into our incident register. It demonstrates that our monitoring works. It shows auditors that we take even potential issues seriously.
The client trust connection
Pharmaceutical consulting involves handling sensitive commercial data. Client customer lists. Competitive intelligence. Strategic plans.
Clients trust us with information that would be devastating if exposed.
That trust requires more than promises. It requires evidence of systematic protection. The security protocols that consume 8-12 hours monthly are the evidence.
When clients ask about our security practices, we don’t describe aspirations. We show documentation. Incident reviews. Access logs. Audit trails.
The visible screen investigation is part of that evidence. It shows that our system catches even minor potential issues.
The security investment
Some view security protocols as overhead. Cost without return.
I view them as client investment. The hours spent on security are hours spent protecting client trust. That trust is the foundation of every engagement.
We’ve never had a client data breach. That’s not luck. It’s the accumulated effect of treating every potential issue as worth investigating.
The computer screen that triggered a security investigation wasn’t a problem.
Our ability to catch it was exactly what should happen.
Written by
Dieter Herbst
CEO & Founder at Herbst Group. Working with pharmaceutical commercial leaders across South Africa, Kenya, and Brazil to transform sales force effectiveness through evidence-based approaches.