Cybercriminals would dive at any available data they could get even if companies have already considered them as trash. Global cybersecurity firm Kaspersky identified the top three carelessly discarded trash that cybercriminals still find useful: work documents, envelopes, and digital storage media.
“It’s said that one can learn a lot about a person or a company from the trash they throw away,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. “Cybercriminals know that all too well and finding out that they rummage through company garbage shouldn’t be surprising,”
Using research by a printer company, Kaspersky said “the average office worker prints as many as 6,000 sheets of paper in a year (25 in a day) and about 3,720 sheets are considered waste (10 per day). Another research says that nearly half of printed documents in a typical office are discarded within 24 hours.
And that is where lies the problem. The unshredded discarded paper presents a wealth of corporate information that cybercriminals can use against a company or could give them a clue to the company’s network.
Kaspersky noted that in the past few years, cybercriminals have increasingly resorted to business email compromise (BEC) attacks that target corporate correspondence. It brings a car manufacturer’s European division as an example which lost more than $37 million to cybercriminals as a result of a fake bank transfer instruction that an employee mistook as legitimate.
Flash drives, hard drive
Digital media can be a treasure trove of information, according to Kaspersky. Devices store contacts, emails, and other details that when obtained by cybercriminals could give them access to an employee’s local network that may lead to the corporate data.
“More than 80% of all cyber-incidents are caused by human error,” said Yeo. “Cost-wise, a cybersecurity breach would set back a small to medium-sized business about $101,000 and an enterprise for $1,090,000 on average (as of last year’s statistics from Kaspersky). So, it’s up to us in the business sector, regardless of position in the company, to be mindful that the security of the business depends directly on our behavior in handling corporate data.”
Below are some tips from Kaspersky on how to minimize or eliminate the use of office supplies for data storage and hopefully not be used by an attacker:
- First, destroy all paper documents that are related to the work of the company before tossing them in the garbage. That means all of them, not just those containing personal data. Shred them, envelopes included.
2. Digital media (hard drives, flash sticks) do not belong in the trash. You have to render them mechanically unusable and take them to an electronics recycling center. Use pliers to snap disks and flash drives. For hard drives, use an electric drill or hammer. Remember that there is a flash drive inside every phone and a hard drive inside every computer. If you’re throwing any of them out, first make sure their data is unreadable.
3. Before throwing away parcels or food delivery bags, it’s good practice to tear off and destroy any labels with the name and address of the sender and recipient.
Besides proper disposal of corporate garbage, another way businesses can beef up their cybersecurity is by utilizing technologies like Kaspersky Endpoint Detection and Response Optimum (KEDRO) which delivers straightforward in-depth defense against complex and advanced threats with no additional overheads.
The KEDRO automation features ensure that incidents are dealt with swiftly and its simplified root cause analysis helps reveal the true scope of the threat so you can act accordingly, all with an easy-to-use toolkit.