Secure disposal of physical data like paper printouts, disk drives, devices and hardware is often overlooked but vitally important.
Simply tearing up documents or burying them below last week’s nasty fridge remains isn’t enough to protect your data (kudos for making a scammer work for it, though). And while it’s enormously satisfying to break your phone in half and toss it onto the street like a movie star, that’s not enough to protect whatever data traces you left on it.
Following cybersecurity best practices is great, but it doesn’t fully protect you from crimes. Data thieves are known to dumpster dive for information they can use or sell. Paper, computer drives, external storage and smart devices contain a treasure trove of data that scammers can use for high-tech data crimes.
Learn how to secure your trash against low-tech attacks.
Is your trash worth the effort?
Anyone who thinks you’ve got information worth selling to someone else cares about what’s in your trash. Even seemingly uninteresting data can be dangerous in the wrong hands. You could be unwittingly handing over valuable bits like:
- Vendor purchase orders — These can reveal the suppliers you use and pricing for goods and services.
- Client invoices or packing lists — A criminal can rebuild customer contact lists and purchase histories to determine what customers paid and how they paid.
- Client and vendor contracts — Even drafts or quotes contain sensitive information that a criminal can use or expose publicly, regardless of whether you executed the agreement.
- Printed emails — Criminals can use these to recreate identities or reveal damaging information that can be leaked online or used in a lawsuit.
- Marketing plans — Criminals can scoop your idea or threaten to expose your strategies.
- Intellectual property, research and development — Criminals can steal your hard-earned ideas and sell them to the highest bidder.
- Employee and payroll information — Criminals might steal your employees' identities, commit health care fraud using benefits information or use the information to recreate user IDs and break into company servers.
- Spreadsheets containing prospecting information — Criminals can expose your call sheets.
- Other sensitive data — It's not hard to imagine the havoc criminals could wreak with:
  - Client tax return information
  - Package labels containing client return addresses
  - Handwritten signatures
  - Copies of social security, driver’s license and check routing numbers
Your clients also care about how you handle your trash because they have a lot to lose: their private data. When the security of a customer’s data is breached, you could lose that customer’s trust and business forever. Top that off with a potential liability lawsuit for mishandling personally identifiable information, and you might be wishing you could dump your own identity.
Prevention tips for taking out the trash
When’s the last time you thought about your company’s trash? If you’re like most people, probably only when no one came to retrieve it. Review your procedures and receptacles from the perspective of a criminal who’s more than happy to dumpster dive to get what they want.
- Conduct a planned dumpster dive and office trash bin inspection. Check paper recycling bins for sensitive information, too. Employees may accidentally toss sensitive documents into recycling bins without thinking.
- Hire a secure shredding company and keep the receptacles locked.
- Train your employees on secure document disposal and how to identify sensitive information.
- Host periodic file purges and oversee proper disposal of company documents.
- Install locks on dumpsters and mount surveillance cameras in trash collection areas.
- Purchase quality crosscut or confetti document shredders that can manage staples, paper clips, CDs and external drives. (Refer to the National Security Agency/Central Security Service’s evaluated products list for paper shredders if you’re unsure where to start.)
- Create protocols for discarded or damaged devices and disk drives to remain securely stored until they’re destroyed (for example, keeping them in a locked filing cabinet).
- Wipe or secure erase computer disks to permanently remove data before retiring or recycling them.
- Remove memory cards and perform hard resets on tablets, smartphones and office equipment to reset the data to factory defaults.
- Securely destroy computer drives and embedded memory on office equipment using magnetic media degaussers (magnetizing) or solid-state destruction (shredding, crushing or disintegrating) before discarding them.
Dumpster diving is legal in most states. Once trash hits the curb or public property line, it’s fair game. And it’s one of many ways a threat actor can steal information.
Before tossing that printed email or defunct flash drive, consider what it contains. Your trash might be someone else’s ill-gained and highly damaging treasure.
Blue Ridge Risk Partners is a top 75 independent insurance agency in the United States. With 21 offices throughout Maryland, Pennsylvania, and West Virginia and access to hundreds of carriers, we are able to meet your unique insurance needs.