Social Engineering Awareness Part 1: Dumpster Diving

Dumpster diving remains a prevalent security risk for almost every organization. Dumpster diving is a form of Social Engineering that takes very little technical knowledge. Further, a potential hacker’s goal while dumpster diving is to look for any information hidden within the trash to help penetrate a network. A quick list of potential targets containing worthwhile information would look something like this.

Hard Drives CD Drives Flash Drives SD Cards Floppy Disks
Instruction Manuals Receipts Invoices Old Software Old Magazines from vendors like cisco
Company Directory page or book Old Business Cards Diagrams of building or


Anything with signatures Usernames and passwords
Anything with names Fire Escape Plans Old Resumes Spam Mail Sticky notes

What can a hacker do with these tools?

Finding any of these things can become a massive tool for hackers trying to penetrate your network. Old passwords on sticky notes can lead to guessing new ones or even will let hackers reset your password via recovery questions. A company Directory can give hackers a huge list of phone numbers to call and pry more information. Hackers can do a huge amount of damage with very little pieces of information.

What can happen if I don’t dispose of information correctly?

Additionally, businesses that fail to dispose of information correctly can deal with fines. For example, CVS was hit with a $2.5 Million dollar fine when they failed to protect customer’s sensitive data by disposing of it properly. Even further, they were also forced to set up a “comprehensive information security program” to dispose of information properly. Continuing, a company in Houston was found to have disposed of hundreds of improperly discarded documents containing personal information from a local tax prepare. Fines for companies like this can be $500 dollars per document or more.

Companies like Cyber Protection Group check your security practices right down to the basics. We take into consideration your document and information destruction policies. If you do not value a good document destruction policy you are basically leaving your information in the open for anyone to find. Vulnerability assessments and penetration testing can be a great way to avoid potential security leaks and fines for later.

first second third fourth next finally in short all in all

further next continuing first second third in conclusion 

Meanwhile, during, subsequently, after that

subsequently, after that

 during, subsequently, after that