Dumpster diving, in cyber security terms, may look like an outdated way to begin “hacking” into a business. But…

One common way for cyber criminals to get sensitive information is to go digging through an individual’s or business’s trash. YES! This does happen! This is a tried and true method called ‘dumpster diving’.

Every day, businesses large and small dispose of sensitive information on paper in the trash without shredding it. Strip-cutting is the type of cut you get from a shredder that leaves long strips of your document intact, generally cut the long way (vertically, top to bottom). A regular strip-cut shredder is better than nothing, though the information can be reconstructed given some time.

A better option is a cross-cut shredder. This kind cuts documents the long way as well as sideways, making small confetti that is much harder to put back together. Cross-cut shredders come in different sizes, which narrow both the long-way and the sideways cuts, but we do not need to get into those here. For a small business, cross-cut is generally good enough given its cost and features.

An even more secure option is a “micro-cut” shredder, though as a trade-off it can sometimes be slower to cut documents. It’s essentially like a cross-cut shredder, but cuts the fragments even smaller! Now if you’re looking for only the best (and the most expensive), check out this list of NSA-approved shredders that shred top-secret level or similar documents.

A general cross-cut on the left while micro-cut is on the right. Which do you think is harder to put back together?

The key here is to get shredders that at least cross-cut, or that micro-cut, so that the pieces are very hard to put back together. Put every document that has sensitive information through the shredder. Do this without exception, and the chance of someone dumpster diving for your sensitive documents (and getting something out of it) will diminish greatly.

Adding a requirement to policy that employees must shred all sensitive paperwork is a good idea, as is providing several shredders for all your employees to use. This will help set the expectation to shred when necessary. Remember, sensitive information can be very private:

  • customer information
  • accounting information
  • financial information
  • employee information
  • business information

Dumpster diving, in cyber security terms, is a serious and legitimate issue. Don’t be the business that ignores a reasonably simple fix to this problem. You may even have a legal requirement to apply it! Please be aware of any data disposal laws in the state or country where your business resides. You may be required to destroy data in a very specific manner. Find out about your legal requirements here:

http://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspx
