Wastebasket Audit Findings

Over the years, I’ve performed many wastebasket audits (see my previous post, Why a WasteBasket Audit? for more details). One reader said this was a waste of time, but you be the judge. Here are some of my findings:

  • Normal user and administrative user IDs and passwords (until you start sorting through the waste papers, you never realize how common this is).
  • Performance appraisals, pay rates, and W2 and W4 forms.
  • Backdoor URL into an application that provided administrative privileges, but required no authentication (this application, exposed to the Internet, only brought in $20+ million per year).
  • One VP’s list of accounts and passwords, including his bank login credentials, found in his secretary’s trashcan. Hmmmm.
  • Surprising Survey Results – After a meeting attended by the CIO and CFO where a manager reported the reactions of customers to a security change we were contemplating, I found the original survey results (manager’s wastebasket). Instead of 90% of the customers being against the change as reported in the meeting, 90% said it would not impact their operations.

What’s lurking in a wastebasket near you?

Filed under Audit, Security
