The concept of Dumpster Diving can be explained with the famous saying: “One man’s trash is another’s treasure.”
That means that what you and your company consider useless could be of great value to a criminal. But today we’ll talk about how hackers can apply this to access your digital assets.
How Does Digital Dumpster Diving Work?
As I mentioned a second ago, this is nothing more than searching through your digital garbage to obtain useful information about you or your company and then using it to carry out an attack.
You must remember that all those documents or files that you throw in your office’s dumpster, cloud storage, or computer’s “Recycle Bin” usually remain there until you take them out or permanently delete them.
It’s surprising to discover how much someone can learn from you and your business by reviewing its content in detail.
A hacker with knowledge of social engineering will be able to combine information found in this source with other information publicly available on your social networks or on other sites on the web.
This is exactly why big businesses use shredding and incineration methods or services to get rid of this valuable information, and why cloud storage companies protect their servers with AI tools, built-in firewalls, data encryption, and 2FA.
But, what type of information do hackers look for exactly?
- Email addresses
- Bank / Financial statements
- Medical records and Social Security Numbers
- Marketing and Trade Secrets
This information can be found in reports, CVs, invoices, contracts, USB flash drives, hard drives, and, as mentioned before, in your device’s trash can.
And believe it or not, reformatting a hard drive only erases the directory information that points to the stored data, not the data itself. This is where commercial software helps you get the cleaning job fully done.
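The point about reformatting, shown as an added illustration that is not part of the original article: a toy disk image in Python where clearing only the directory leaves the data readable by a raw scan, while a full overwrite does not. The image layout, file names, and sample records are all constructed for the example; the same kind of scan can serve as a check that a wipe actually worked.

```python
import re

BLOCK = 64  # toy block size in bytes (constructed layout: block 0 = directory)

# Constructed sample records; the SSN-style number uses an invalid 000 prefix.
SAMPLE = {"hr.txt": b"jane.doe@example.com SSN 000-12-3456",
          "invoice.txt": b"billing@example.com"}

PATTERNS = {"email": rb"[\w.+-]+@[\w-]+\.[\w.]+",
            "ssn": rb"\b\d{3}-\d{2}-\d{4}\b"}

def make_image(files, blocks=8):
    """Build a toy image: block 0 lists name:block:length, later blocks hold data."""
    img = bytearray(BLOCK * blocks)
    entries = []
    for i, (name, data) in enumerate(files.items(), start=1):
        if len(data) > BLOCK:
            raise ValueError("file larger than one toy block")
        img[i * BLOCK:i * BLOCK + len(data)] = data
        entries.append(f"{name}:{i}:{len(data)}")
    directory = ";".join(entries).encode()
    img[:len(directory)] = directory
    return img

def list_files(img):
    """What the operating system shows: only what the directory points to."""
    raw = bytes(img[:BLOCK]).rstrip(b"\0").decode()
    return [entry.split(":")[0] for entry in raw.split(";") if entry]

def quick_format(img):
    """Clear only the directory block, as a reformat does."""
    img[:BLOCK] = bytes(BLOCK)

def overwrite_wipe(img):
    """Overwrite every block, directory and data alike, with zeros."""
    img[:] = bytes(len(img))

def residual_findings(img):
    """Scan the raw bytes, ignoring the directory, for sensitive-looking strings."""
    raw = bytes(img)
    return {kind: [m.decode() for m in re.findall(pattern, raw)]
            for kind, pattern in PATTERNS.items()}

if __name__ == "__main__":
    image = make_image(SAMPLE)
    quick_format(image)
    print("after reformat :", list_files(image), residual_findings(image))
    overwrite_wipe(image)
    print("after overwrite:", list_files(image), residual_findings(image))
```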
How to Avoid Digital Dumpster Diving?
There are two main ways to avoid it. One relies on technology and the other, on people.
- Software to Encrypt or Permanently Delete Valuable Information: Modern encryption software, used to store data in encrypted form and protect your organization virtually, is often inexpensive and easy to use.
Even IT experts prefer to use it instead of the manual route to save some time.
The best software out there can manage what types of data are stored and downloaded, or even restrict the use of physical ports entirely. This applies to USB drives, as well as mobile phones and PDAs, which can be used to extract your valuable information.
- Human-Based Dumpster Diving Protection: Now, let’s not forget about those in your organization. Regardless of what anyone can tell you (even myself), the most important thing here is not technology but the human factor. Did you know that 40% of security breaches are caused by employees and not outside hackers?
I can highlight one story about a California citizen who stole more than 500 identities by acquiring both processed depository receipts and junk mail from nearby banks. These contained names, addresses, dates of birth, and Social Security Numbers.
So, to minimize the odds, it’s necessary not only to hire trustworthy workers but also to educate them about digital dumpster diving and its consequences. Don’t forget to establish a “document destruction policy” in the company if there’s none yet. After all, they might be the ones who help you to get rid of data at a certain moment.
All of this might be hard to read or hear for the first time.
But there’s no need to remain paranoid.
It’s smart to think about it and act.
The fastest and most reliable solution is to let experts do it for you.