Published: March 1, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
You know that saying “One mans trash is another man’s treasure”? A saying could not be more appropriate when it comes to corporate documents. The documents that you discard each and every day may be nothing but trash to you, but to an identity thief, the documents are as good as gold. In fact, an entire black-market industry has been created around information that has been improperly discarded or improperly secured.
For example, what is called a “Fullz” on the Dark Web is a complete “file” of someone’s information that includes name, social security number, birth date, any account numbers associated to the name and SSN, and other identifying information. This set of data is worth anywhere from $15-$65 each. For high profile individuals or for those with great credit and no alerts placed on their reports, it can be much higher. A company called Quartz released survey results finding that one profile from a vendor called “OsamaBinFraudin” was listed at nearly $455 on the Dark Web. If you think about how many records are gained in a single data breach, that information can net quite a payday for the criminal.
Jim Stickley of Stickley on Security has jumped into many dumpsters in his past. The intent was to look for PII. He said, “there wasn’t a single time I went dumpster diving and did not find at least one document that contained PII.” When brought to the attention of the company he was consulting with, it was nearly always found to be a mistake. One person accidently tossed it into the wrong bin.
Mistakes do happen but when it comes to improperly discarded documents, the damage can add up quickly. Think of it like this. Let’s say that today you accidentally threw one document in the trash that contained confidential information. Now assume that there are 100 employees at your organization and all of them also accidentally threw away just one document containing confidential information. Suddenly that’s a hundred documents in the trash that contain confidential information. Now to take it one step further, what if every day everyone made just one mistake. Now you have five hundred confidential documents in the trash per week. That’s a lot of documents left for a criminal to gather up; and it actually happens all the time.
This is why it is so important for you to remember to shred everything that contains potentially private or confidential information. More importantly, if you’re not sure if the information on the document is actually considered confidential, always err on the side of caution and shred it. There is no such thing as shredding too much.
Keep in mind that while people may have good intentions, one of the biggest mistakes people make is when they don’t have a shredder at their desk and instead are required to take confidential documents to shred bin located somewhere in the office. The problem happens when the person sets the documents off to the side of their desk with the intention of later taking them to be shredded. As the day progresses, those documents get mixed with other documents that were meant to simply be recycled. Now, instead of heading to the shred bin, those documents all end up in recycle which often times is not secured and doesn’t get shredded. Because some organizations do secure and shred their recycle, it’s important for you to ask management and follow their policy of discarding documents containing PII/ confidential information.
Also, when possible there should be a shredder easily accessible to every person that handles PII. Preferably even sitting on or very near each desk. Walt Disney famously determined that people will walk 30 steps before tossing trash on the ground. Therefore, in his parks there are trash receptacles strategically placed just about that distance from each other. Stickley thinks every desk should have a shredder within arms length. While this may not be reasonable for some organizations, at a minimum a separate container should be kept for documents that must be shredded. And be sure to either shred them or put them in the shred bin every single night or before leaving your desk for any length of time.
So next time you go to toss a document in the trash or recycle, take one extra second to make sure nothing on the document is considered private or confidential and when in doubt, toss that document in the shredder. Remember, all it takes is just one little mistake to add up to thousands of documents containing confidential information ending up in the wrong hands.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org