When people talk about cybersecurity, the conversation usually revolves around data that’s stored (data at rest) or data that’s being sent around (data in transit). But there’s a third category that often slips under the radar — data in use.
This is the data you’re handling.
It’s open in your spreadsheet, on your browser, inside your portfolio management system.
At that moment, it’s vulnerable.
Not because you’ve done something wrong — but because the data is sitting right there, exposed in memory or on your screen.
Why Finance Teams Should Care
In our world — external asset managers, family offices, compliance-conscious fund admins — “data in use” often includes:
- Client holdings visible on a dashboard
- Draft investment memos in collaboration tools
- Screen shares during investor calls
- Login sessions on cloud CRMs or accounting software
At these moments, all it takes is:
- A screen capture malware
- A shoulder surfer during remote work
- Or even an insecure remote session
…and you’re looking at a potential data breach.
Understanding these nuances is why our Cybersecurity in Finance IT guide pays special attention to real-time exposure risks that finance teams face daily.
What Makes Data in Use So Tricky
Unlike encrypted storage or TLS-encrypted transfers, data in use has to be readable.
That means conventional encryption doesn’t help in the same way; it’s useless if you can’t access your data while editing it.
This creates a strange tension: the data must be usable, but not too exposed. So how do we strike that balance?
Practical Ways to Protect Data in Use
At Outsourced Information Technology (OIT), we look at this from both the user side and the infrastructure side.
Here are a few real-world strategies that we’ve helped implement
Guided Support, Not Intrusive Access
As much as possible, we avoid remote-controlling our clients’ devices.Instead, we write simple, clear guides that enable them to troubleshoot securely on their own.
This reduces unnecessary access to sensitive sessions, and empowers users to protect data in use without delay.
Visual Protection & Data Obfuscation
Privacy screens help reduce shoulder surfing and visual leaks in shared spaces — especially when desks face open corridors or windows.
On the software side, obfuscating sensitive information (e.g. partial masking of client names or account numbers) adds a second layer of protection when data needs to be seen, but not fully exposed.
Context-Aware Access
Limit access to sensitive systems based on location, device, or time.
Just because you can log in doesn’t mean you should — not from a cafe Wi-Fi in a different time-zone.
Endpoint Security
When users work, their devices are a frontline. Security tools on the endpoint — including modern EDR — can stop malicious tools before they reach data in use.
We cover some of these layered defenses under our Information Security resources.
What This Means for Co-working Environments
Many EAMs and boutique finance teams now operate in shared offices.
That brings convenience — but also new risks.
Screens face corridors, printers are communal, and networks are shared. If your data’s being used, you’ll want to know that the environment is built with that in mind.
At Outsourced Information Technology (OIT), we support CoWorkSpace because it’s more than just a place to plug in — it’s a space where the protection of working data is part of the daily rhythm.
The suites come with frosted windows, meeting rooms, and private call booths.
These details weren’t afterthoughts — they reflect an awareness of what sensitive work looks like in real time.
We encourage a culture of protecting data in use.
That starts with how workspaces are set up, but it doesn’t stop there.
We stay close, not just geographically, but operationally — keeping infrastructure tight and response times short.
This allows finance professionals to work confidently, knowing their data is not only encrypted or stored securely, but actively shielded during use.
