Another One’s Treasure

Is it really true that one person’s trash is another person’s cash or treasure? It depends. When was the last time a trash can near you contained anything like this?

  • A list of the people getting laid off next week in your company.
  • A report that estimates the impact of the newest product on sales volume.
  • A printout of the settlement terms that the legal department will propose in court next week.
  • A partial copy of your mortgage refinance application (that you crumpled and discarded because you positioned the original the wrong way in the copier—without realizing your name, address, birth date, and SSN were clearly visible on the copy).
  • A vulnerability report outlining major weaknesses in your company’s data center.

Information is powerful and some people will go to great lengths to get it. But the sorry truth is that you only have to go as far as the nearest trash can. Beneath the coffee cups and candy wrappers are often some soggy, sensitive sentences just waiting to get recycled–recycled into cash, competitive advantage, or just mischievous fun.

Can you identify the absolute worst waste baskets on your floor? That’s right, the ones next to the copy machine or printer.

And did you know the type of paper on which we tend to write the most confidential information? Post-it notes! Post-it notes and passwords seem to go together like green eggs and ham. The brightly colored paper of Post-it notes makes them easy to find and retrieve from your trash can.

When we throw something away physically, we also discard it mentally. But that doesn’t mean that everyone else will ignore it too. Which leads us to the fundamental problem with trash cans—they invalidate all the security practices, passwords, and other attempts that we make to protect data online. Perhaps one reason the trash can is called the “circular file” is because what you throw out may circle back and bite you.

And even if Elvis’ discarded Post-it note has safely left the building, it still ends up in the dumpster, which is essentially a public place. That’s where we get the term “dumpster diving”: people digging through dumpsters to find sensitive data that was casually discarded.

If your data doesn’t belong in someone else’s hands, don’t put it in a trash can. You can do shredder than that. Shredders aren’t perfect, but they can cut the risk substantially.

This is a guest post by Skyyler.
