570.558.5660 info@site2.com

In 1860, Hector Urquhart wrote “…one man’s rubbish may be another’s treasure”. Nearly 160 years later, the idiom still holds true, but for a much more menacing reason.

Dumpster diving is the hacking term for digging through an organization’s garbage searching for trade secrets, personally identifiable information and private correspondences. Based on the term, many envision a homeless person looking for left-overs.  Instead, we should picture a disgruntled or terminated professional seeking revenge on their boss or organization, or someone looking to make a social or political statement.

Frankly, access to sensitive information in an organization’s “rubbish” is easier than you might think:

  • Executive garbage cans – often left unattended and unsupervised at the end of the day, these treasure chests can contain financial reports, human resource files and paper-based client correspondences.
  • Printer areas – documents get jammed, don’t print correctly, or more copies are printed than were expected. These may remain in shared printer areas for hours or days until they are disposed of, often not making it to a shredder.
  • Sticky-Notes – those yellow (or other neon colored) reminder slips are often used for jotting down passwords, contact information and account numbers. They are rarely shredded and their sticky nature makes them easy to stay behind in the garbage liners or on supporting files and documents.

Waiting for the garbage to hit the street isn’t always necessary for an insider with access to these areas. However, in many states, once it does it is considered “abandoned” and fair game to virtually anyone willing to take the plunge.

Here are some tips to avoid being exploited by dumpster divers:

  • Emphasize document destruction policies in on-boarding and regular security awareness training
  • Locate shredders or shredding bins near shared printing areas and in sensitive functional areas
  • Hard drives from computers, printers and fax machines should be shredded or physically destroyed, not just erased and thrown away
  • Keep dumpsters on private property to help avoid “abandoned” status
  • Keep dumpsters well-lit and under video surveillance

Contact Site2 for more ways to protect your corporate treasures.