All types of social engineering attacks can be dangerous and can have detrimental effects on the entire organization. Many people believe they know the different kinds of social engineering and how to avoid them, but they really only know a few methods, mostly on the cyber side. While many of these attacks are cyber, plenty are physical. This week, we will look into the dirty job of dumpster diving and how to prevent it.
Dumpster diving is the act of an unwanted party going through a company's trash, whether inside or outside the building. The attacker is usually looking for some type of confidential information that was put in the trash. Trade secret information should be disposed of properly. Most people want to use shredding as a form of destruction, but just because a document is broken into little pieces does not mean that it cannot be put back together. One way to properly destroy some documents is to burn them, using burn bags in conjunction with a paper incineration method or service. This eliminates all trace of the document.
Companies should also vary when they cycle out old, important documents. You should not get rid of documents on a predictable schedule, such as the last week of every quarter or month. This type of pattern lets an attacker know when to come and look for the documents. Another way to prevent dumpster diving is to lock up the main garbage cans at the office. Keeping the cans or dumpsters behind locked gates makes it harder for attackers to get to them.
Dumpster diving is becoming less relevant in today’s world, where most documents are digital, but it still happens on occasion. Most people are not trained on this security risk or on what not to throw away. Without proper training, there will always be a weakness in your company.