Your company’s trash may be a cybercriminal’s goldmine — Kaspersky

(Edited Press Release)

For cybercriminals, data is still king. So, when targeting a company for an attack, cybercriminals would also turn to the crudest approach—that is, diving into corporate trash for any valuable data. According to Kaspersky, the top three carelessly discarded trash that are highly useful for cybercriminals are: work documents, envelopes, and digital storage media, and whatever info they might extract from these can be monetized or used against your company.

“It’s said that one can learn a lot about a person or a company from the trash they throw away. Cybercriminals know that all too well and finding out that they rummage through company garbage shouldn’t be surprising,” says Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.

Tossed-out work documents don’t need to have confidential data in it to reveal what your team is doing, your business lingo, or even your current business processes. Once these are in the hands of a cybercriminal, such information would be handy to impersonate a staff, supplier, or client through telephone or email to draw out more information.

Another interesting trash for cybercriminals are envelopes from business letters that indicate details of the addressee and the sender. With knowledge of this information, a cybercriminal can contact the recipient with a convincing request for clarification or send a malicious link that appears to confirm receipt of a real physical document.

Not to be ignored as ordinary office trash are digital media which can be a treasure trove of information for anyone with malicious intent. A broken smartphone can cough up lists of contacts and messages and can be used to imitate the former user of the device. Flash drives, hard disk drives, or solid-state drives hold tons of work documents and personal data.

Below are some tips from Kaspersky on how to minimize or eliminate the use of office supplies for data storage and hopefully not be used by an attacker:

 

1. First, destroy all paper documents that are related to the work of the company before tossing them in the garbage. That means all of them, not just those containing personal data. Shred them, envelopes included.

 

2. Digital media (hard drives, flash sticks) do not belong in the trash. You have to render them mechanically unusable and take them to an electronics recycling center. Use pliers to snap disks and flash drives. For hard drives, use an electric drill or hammer. Remember that there is a flash drive inside every phone and a hard drive inside every computer. If you’re throwing any of them out, first make sure their data is unreadable.

 

3. Before throwing away parcels or food delivery bags, it’s good practice to tear off and destroy any labels with the name and address of the sender and recipient.

 

Besides proper disposal of corporate garbage, another way businesses can beef up their cybersecurity is by utilizing technologies like Kaspersky Endpoint Detection and Response Optimum (KEDRO) which delivers straightforward in-depth defense against complex and advanced threats with no additional overheads.

The KEDRO automation features ensure that incidents are dealt with swiftly and its simplified root cause analysis helps reveal the true scope of the threat so you can act accordingly, all with an easy-to-use toolkit.