Over the years, I’ve performed many wastebasket audits (see my previous post, Why a WasteBasket Audit? for more details). One reader said this was a waste of time, but you be the judge. Here are some of my findings:
- Normal user and administrative user IDs and passwords (until you start sorting though the waste papers, you never realize how common this is).
- Performance appraisals, pay rates, and W2 and W4 forms.
- Backdoor URL into an application that provided administrative privileges, but required no authentication (this application, exposed to the Internet, only brought in $20+ million per year)
- One VP’s list of accounts and passwords, including his bank login credentials, found in his secretary’s trashcan. Hmmmm.
- Surprising Survey Results – After a meeting attended by the CIO and CFO where a manager reported the reactions of customers to a security change we were contemplating, I found the original survey results (manager’s wastebasket). Instead of 90% of the customers being against the change as reported in the meeting, 90% said it would not impact their operations.
What’s lurking in a wastebasket near you?
ITauditSecurity 