Shoulder surfing is when someone is watching what you are doing over your shoulder, this can occur on the train, in a café, at the airport or in any public place.
This is a common technique to watch the entry of usernames and passwords, read sensitive information (which could be damaging for the University or yourself) or even to record what is on the screen (for example with a photograph/video taken with a mobile phone).
People are naturally curious and some of the people who watch what you are doing may do so harmlessly but it is also a well-known technique amongst criminals who seek to monetise any information that they can glean.
The person does not even need to be particularly close e.g. they may be sat some rows behind you on a train and use their mobile phone to video or take pictures of what they can see on your screen. Which they later use to retrieve information or to access your account.
This obviously makes working in public a risk. Therefore, when on public transport or in a public area such as a café be very cautious when viewing or accessing sensitive information as it might be seen or copied.
If you are working on personal data it is your responsibility (under GDPR) to protect it. If you reveal this information in a public area this will render the University liable to fines (Potentially quite large fines!).
There will always be a risk of someone reading over your shoulder so try to shield what you are doing or avoid it altogether.
To better understand the risk think about the consequences of accessing your online bank in a public area – you certainly wouldn’t show the person behind you your PIN at a cash machine – so make sure that you cannot be overseen.