Dumpster diving is a security threat that’s every bit as real as that posed by online hackers. Failing to protect one’s business from those who would exploit the information available in the trash invites victimization by cyber criminals. Even though it’s hard to picture yourself engaging in such a distasteful task, others willingly do it because they stand to gain a great deal at your expense. Criminals seek information, including that found on discarded hard drives. This might include:
- Full names of employees, business partners, and contractors
- Account login credentials
- Marketing information
- Email addresses of employees
- Sensitive customer information
- Employee information
- Company operation information
- Corporate secrets
- Medical records
- Bank statements and other financial information
- Tech support logs
This and other information can be used in a variety of ways. For example, information about your contractors allows spear phishers to write emails that convince your employees to click on dangerous links or to give out passwords. A criminal posing as an IT service contractor could arrange an appointment to do maintenance on your servers. This provides him with the perfect opportunity to set up a backdoor account for later remote access.
Hackers often employ dumpster diving during the reconnaissance phase of a cyber attack, in which they try to learn as much as possible about their targets in order to uncover security vulnerabilities. The more information obtained, the greater their prospects of creating an effective plan of attack. This is similar to a burglar casing a home for easy access points, or a thief learning about the security defenses of a jewelry store.
It’s important to understand that cyber criminals can exploit seemingly innocuous information. Unless you’re a skilled hacker, you can’t be 100% sure that the discarded information in your dumpsters can’t be used against you in some way.
In addition, securing the physical area around your dumpsters only delays exploitation of their content. At some point, thieves can gain access once the refuse is sent elsewhere beyond your control. This means hard drive destruction of all discarded devices is the only reliable way of denying criminals access to your digital information. To learn how our products reliably do this, contact us today.