BreachExchange mailing list archives

Dumpster Divers Could Be the Next Sony Hackers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 10 Mar 2015 19:07:28 -0600

http://recode.net/2015/03/10/dumpster-divers-could-be-the-next-sony-hackers/

Businesses invest trillions in IT security each year to protect
confidential and private information in the digital world. While effective,
these technologies and protocols are not ironclad, and the one thing they
definitely can’t protect is the security of physical documents.

It may sound silly, but paper is making news despite the recent focus on
cyber security. A few weeks ago, a Brooklyn warehouse caught fire and
scattered thousands of confidential documents around the city. Wired
recently profiled a dumpster diver who makes more than $250,000 annually by
collecting electronics from corporate dumpsters.

Consider for a moment the information you regularly print. Only our most
sacred and personal documents ever make it off the screen and onto paper.
Tax returns, W-2s, bank statements, investment reports, contracts, etc.,
contain private information that in the wrong hands could become a serious
liability.

There’s a serious risk lurking in your employee’s trash can.

No one goes through trash cans anymore, right?

It may sound trashy (no pun intended), but dumpster diving is gaining
momentum. Matt Malone, the dumpster diver, estimates that he makes an
average of $2,500 a night searching dumpsters of retailers for resalable
products. Rob Greenfield is on a mission to encourage more people to save
food from the landfill. He has already convinced more than 1,000 people to
join him in dumpster diving, and is offering to pay fines for anyone who is
ticketed in the name of reducing food waste.

But valuable products and food are not the only things that can be found in
the dumpster. For many businesses, there is something far more valuable at
stake: Confidential business information including employee records,
customer information and business financial information.

The problem with paper

As the world is becoming increasingly aware of the importance of protecting
our digital identities, some of the simplest ways of protecting business
information can be easily overlooked. Threats to corporate information
security are not always digital, and the protection of physical documents
is often discounted.

We may think we’re living in a digital age, but research shows that 89
percent of businesses are still using hard copies for record keeping. For
example, while electronic tax filing continues to increase year over year,
more than 19 million people in the U.S. filed their taxes the old-fashioned
way in 2014, according to the IRS. Even if you are filing online and
managing your employee and contractor forms electronically, odds are that
you’re still hitting the “print” key quite often for your CPA and records.

Recent headlines make it clear that we need to better protect private
information, and solutions may be easier and more effective than you
thought.

Are your employees putting you at risk?

Laws and regulations are in place to ensure the proper and responsible
disposal of certain documents. For example, finance, HR, and legal
department documents, as well as anything with personally identifiable
information (including the majority of the required documentation for tax
returns), should be shredded to a super micro-cut, or 6,200 shreds per 8.5″
x 11″ sheet. Compliance is not guaranteed, though, and regulations are not
all-encompassing.

Paper shredding may be one of the simplest ways to keep information secure,
and 24 percent of people surveyed agreed that it is the most important
thing a company can do, according to Swingline’s Stack-and-Shred survey.
Despite this, nearly half of respondents (45 percent) said their employers
don’t always use a paper shredder or shredding service to destroy sensitive
business information. Of those, 20 percent reported they never shred.
Overall, more than a quarter of respondents admitted to tossing sensitive
documents straight to the dumpster without shredding, leaving valuable
information at risk.

Securing your hard copies

In Houston, hundreds of improperly discarded documents containing personal
information from a local tax preparer were discovered in a dumpster. We’ve
also seen pharmacy and patient records finding their way to the dumpster. A
few weeks ago, a Brooklyn warehouse caught fire and scattered thousands of
confidential documents around the city.

It’s not unheard of for businesses to be the targets of criminal
information seekers. In fact, it’s one of the vulnerabilities that
businesses often overlook. While information security will continue to
dominate headlines, and as businesses increase investments in cyber
security, don’t forget to implement the policies, processes and equipment
to secure printed documents, as well. Make the small investment in a
high-tech shredder with auto-feed and other security features to make it
easy for employees to comply.

Don’t overlook the risks that may be sitting in the bottom of your
employee’s trash can.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 