Dumpster diving is a low-tech but potentially effective method used by attackers to gather sensitive and valuable information by physically searching through an organization’s trash. Dumpster divers often target discarded documents such as old memos, printouts, and reports that may still contain sensitive information like usernames, passwords, credit card numbers, and other confidential details.
How it works
Attackers search public and private trash receptacles to find information that may be helpful in their attack strategy. By combining details from discarded documents, attackers may build a complete understanding of the organization’s internal workings and gain access to protected systems.
Countermeasures
- Implement a ‘shred-all’ policy: Ensure that all sensitive documents are shredded before being discarded. Make it a standard company policy, and ensure that all employees are trained in this practice.
- Raise awareness: Train employees to recognize the potential risks of improper disposal and encourage them to be diligent in disposing of sensitive documents.
- Secure disposal: Use lockable bins and trash bags or dispose of sensitive documents in a designated, secured place where they will be safely destroyed.
- Periodic audits: Conduct regular audits of your physical security measures, including trash receptacles and disposal methods.
By implementing these countermeasures, your organization can significantly reduce its risk of exposing sensitive information through dumpster diving.