Lipani Security LLC

A Security & Privacy Company

Category: blog

Dumpster Diving

Posted on by admin

A very common way to get data from a company is what we call old-school dumpster diving. Garbage picking is the practice of sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the garbage picker. Garbage picking may take place in dumpsters or in landfills. When in dumpsters, the practice is called dumpster diving in American English and skipping in British English.

Since dumpsters are usually located on private premises, divers may occasionally get in trouble for trespassing while dumpster diving, though the law is enforced with varying degrees of rigor. Some businesses may lock dumpsters to prevent pickers from congregating on their property, vandalism to their property, and limit potential liability if a dumpster diver is injured while on their property.

Dumpster diving is often not prohibited by law. Abandonment of property is another principle of law that applies to recovering materials via dumpster diving. Police searches of dumpsters, as well as similar methods, are also generally not considered violations; evidence seized in this way has been permitted in many criminal trials. The doctrine is not as well established regarding civil litigation.

Companies run by private investigators specializing in dumpster diving have emerged because of the need for discreet, undetected retrieval of documents and evidence for civil and criminal trials. Private investigators have also written books on “P.I. technique” in which dumpster diving or its equivalent “wastebasket recovery” figures prominently. If you can get into a dumpster, it’s a great source of information you can find passwords written on paper you can find phone directories financial information. In the modern era of paper shredders, it’s a lot less common but those pieces of shredded paper put together lead to information a lot of patients and some tape goes a long way.

One thing I tell people is don’t throw all your important shredder trash into the same garbage pickup when I clip a credit card it three, I will put 1 piece in each garbage pickup for the next three weeks. When you’re picking out a shredder don’t pick the cheap staples model that just shreds in one direction pick the shredder that does crisscross and up and down the more way the documents get shredded the better. Pick a shredder as well that cut things into small pieces the smaller the pieces the better. It makes putting the document back together much harder.

One thing I see people do all the time is they will shred a document put throw their backup CDs in the garbage remember those are digital documents those CDs should be put through the shredder as well. Most shredders nowadays come with a document, credit card, and disk shredder. When you’re going through your closet, and you pull out those floppy disks remember those still can be read. If you need to dispose of them, get a good scissor and cut them up into pieces or scrape them with sandpaper.

If you have questions about data disposal contact us.

Two-factor authentication

Posted on by admin

Two-factor authentication also known as 2FA also referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. Authentication using two or more different factors to achieve authentication include

  • something you know (e.g., PIN, password)
  • something you have (e.g., cryptographic identification device, token)
  • something you are (e.g., biometric)

For example, if you have a Two-factor authentication setup on your laptop you would need to enter your password then you would need to scan your fingerprint to log in. If you have a Two-factor authentication set up on Gmail, you will need to put in your password then you will need to put in a pin code that you got texted to you or by using the code generated by the Google authenticator app.

This need of using two means to authenticate provides extra safety say you are in the car on your way to work and you get a text message from one of your services like Gmail with a login code and you did not just try to login to Gmail this would tell you two things.

One that someone has your password, and you should change it and two since they have no way of getting the code off your phone, they were unable to log in thanks to the Two-factor authentication you set up on your account.

There is software solution in the business world like Duo that before you can log in to your computer you first enter your password on your computer then you must open the Duo app and hit ok on your phone to allow you to log in to your computer. I know sounds at times this sounds like a lot, but password theft is one of the top security issues on the internet today.

For personal use companies like Microsoft and Google provide free authentication apps for iPhone and Android that you can use to secure and add Two-factor authentication to your accounts.

What accounts should you secure? Any important account with a password. Things like email, bank accounts, social media, and any account that has any kind of personal information.

If you need help or think this is something, you or your company want to do please contact us.