Eco-friendly is NOT equal to security

It is a well known statement that, compliance is not equal to security. This is due to the divergence between the goals of security and those of being compliant. Being compliant to many companies means, doing just enough to check a box and not have the auditor fail the organization. On the other side is security. Security is a process. It is the process of protecting the organization from threats both internal and external through many different means. Security is only proven over time. Being “good enough”, is not good enough. In reality, you may be “good enough” to not be the attack of today, but that has nothing to do with the threats of tomorrow. For sure, 0day exploits can happen to any organization, the difference is how well can you handle it. Are there sufficient controls in place to limit your risk? Is a incident response team ready to be deployed if there is an incident? etc…

Okay, moving on…

Now-a-days, many companies are pushing with “Green” efforts and becoming environmentally friendly. This is means doing anything and everything possible to help the environment. For years the common method to do this was: to use the eco-friendly lights, take public transportation to work and recycle. In the corporate world, usually the lights are chosen/replaced by the building maintenance department. As for the handling public transportation, some organizations assist their employees with allowing them to expense monthly passes. The use of large recycling bins, makes things easy for companies as well. However, there must be a process to handle sensitive documents. If employees were to recycle sensitive information, than an attacker would have an easy job stealing the data! Separating documents from actual trash means there is no need for the attacker to get into the dumpster and get all dirty anymore.All that is needed is to grab a bag of recycling and it is likely the bag would contain some sensitive documents. Sensitive data should never make it to the recycling bin in the first place. Documents should be shredded before they are recycled and the employees of the organization should be trained to handle the data properly. Obviously, any training that would occur would be error-prone. Therefore, the best way to handle recycling is to shred the documents before recycling them. That way, eco-friendly is equal to security + the cost of the shredding/recycling service.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: