Are environment initiatives a threat to an organisation's security?
March 27, 2007
David Macken, managing director of System Associates, a provider of eGovernment security services, is warning organisations about the security implications of recycling.
Increasingly, organisations are looking to reduce emissions and comply with international standards such as ISO 14000, yet if these initiatives are not managed properly, they can leave organisations wide open to hackers and fraud attempts.
"Individuals are being encouraged to recycle their paper at work, yet not enough thought is being given to confidential information. One visit from a tenacious hacker to the office recycling bins can often provide enough information for them to bypass firewalls and other security systems and get straight to the heart of confidential information. It can be months before an organisation actually realises it has been a victim of fraud, by which time, the hacker will have covered his tracks."
According to Macken, even companies operating a secure disposal system are vulnerable. "Most secure disposal companies come once a week and very often there is no locking mechanism on the bins. This gives a false sense of security, but is an open invitation for computer hackers, who know exactly where to head to retrieve confidential information."
Initiatives such as ISO 14000 are usually implemented through general management and administration, and little thought is given to the type of material that could be like gold dust to the computer hacker. Email addresses, internal passwords and information about suppliers can all be used to help the hacker pose as an employee, supplier or customer to obtain more confidential information. Macken believes that recycling policy should always involve IT security personnel, as a matter of principle.
"Those most at risk of security attacks should ensure IT security is discussed throughout the organisation, and especially during employee induction," comments Macken. He continues: "Vulnerable companies often forget to brief all their staff and particularly forget to brief new employees who are most likely to be supplied with new passwords and confidential information."
He also advises that a supplier policy is put in place to ensure suppliers also comply with IT security measures. "Even if an organisation has strict rules about recycled documents, it is important that it checks suppliers' recycling processes and implements safeguards to identify and destroy sensitive information."


