What is Dumpster Diving and how does it relate to the cybersecurity maturity model certification (CMMC)?
September 10, 2020
In the world of cybersecurity, dumpster diving is a technique in which an attacker searches through an organization's trash for information that could be used to carry out a cyberattack. This can include passwords written on paper, documentation that reveals details of IT systems, PII, or any other confidential information.
How can companies protect against dumpster diving?
Companies that dispose of information via the trash/dumpster have multiple ways to protect against dumpster diving. One is to ensure their garbage is secured behind a fence and lock. Another is to shred every piece of information put in the trash. This includes shredding paper, microfilm, and even digital storage devices such as hard drives. Labelling sensitive documents as "confidential" lets employees know that these documents need to be shredded prior to disposal. A further technique is to go paperless: it is much easier to track and secure electronic documents than it is to secure paper documents.
How do government agencies protect against dumpster diving?
Government agencies will typically shred and burn any material so that there's no possible way to reconstruct it.
How to provide cybersecurity training in relation to dumpster diving?
Employees need to be trained to use company shredders and to properly label sensitive documents. This reduces the chance of sensitive documents being thrown away intact.
How does dumpster diving relate to CMMC?
CMMC practices related to encryption appear in the media protection security domain. Companies are required to "sanitize or destroy information system media containing federal contract information or controlled unclassified information before disposal or release for reuse." We have a comprehensive article on how to properly achieve this here: https://www.cubcyber.com/destroying-digital-and-non-digital-media.
If you would like more information on CMMC related requirements feel free to reach out to us at firstname.lastname@example.org.