One Man’s Trash

One Man’s Trash… is another man’s access into your secure environment.

I’m currently working on an engagement for social engineering with a bank, and what I’ve found is surprising. We go to great lengths to warn our clients about shredding sensitive information, but so often employees are unaware of what can really cause an information leak in an organization. The obvious ones: account numbers, Social Security numbers, PINs and passwords; most employees are aware that physical media with that information should be disposed of properly. What about department memos? Imagine a memo stating that the exterminators would be coming into the bank at 10:00 AM next Thursday. Is that information you would want a would-be Kevin Mitnick to have when he has your organization in his sights? Have you driven behind a grocery store lately? Have you noticed the kind of dumpsters they use? They are inaccessible from the outside, locked and secure to keep people and animals away from spoiled, stale and dangerous items. What steps should you take to keep information thieves away from stale and dangerous data?

Oh, and just on a personal note… banks have the cleanest trash you could ever imagine… the gross factor won’t dissuade someone that really wants to find something.