Identity theft: Your trash, their treasure

Recycling versus shredding
When I have spoken with employees who have been caught placing sensitive documents into recycling bins, their explanation has been that they thought recycling was different from trash and therefore somehow safe. When asked to explain further, employees generally tell me that, while trash ends up at the landfills where anyone could get his hands on it, recycling is taken to a place where it will be reused. They often tell me they feel that it’s safe to place confidential documents into a recycling bin since the document will be destroyed instead of being shipped to a landfill. Let me be perfectly clear: Recycling is no more secure than throwing the items into the trash. For those out there who are worried about being green, most major shredding companies do recycle once they have shredded the documents.

Recycling is no more secure than throwing the items into the trash.

What’s your company line?
I have found that the amount of confidential information I discover in the garbage is directly related to how much the organization preaches the virtues of shredding to its employees.

My personal theory is this: Walk up to an employee’s desk and stick your arm straight out like wings on an airplane. Now spin in a circle. Is there a place for the employee to place confidential documents that require shredding within your arm span? If not, I can promise you that the employees are probably not shredding everything they need to.

The problem is this: Often times an organization places a shred barrel on each floor of its facility. The employees are then expected to get up throughout the day and place any papers they have with confidential information on them into those bins. Of course, what ends up happening is that the employees begin to build a pile on their desks of questionable items. As the day goes on, the papers start to get in the way. Since the employees are busy and not willing to take the stack to the shred barrel, they often just put them in the trash or do what I refer to as the “poor man shred.” That is, they physically tear up the paper themselves. When I find documents that have been torn by hand, I take them home and give them to my 7-year-old son and tell him it’s a puzzle. He always puts them back together.

In other cases, if employees end up with only one document that needs shredded, they may not want to waste the trip to the shred barrel, so again, the document ends up in the trash.

Shredders for all
The best possible solution is to have a small shredder at each desk. This makes it easy for employees to shred every work paper, eliminating any confusion of what is and is not considered confidential. If that is not a feasible option, add a second trash can at each desk designated for shredding. If you choose this second option, be aware that it does come with additional risks. You must make certain that the recycling at each employee’s desk is removed at the end of each day. You do not want to be leaving an open box of confidential documents at each desk where the cleaning crew or other visitors may have access.

My last suggestion is the most important. I highly recommend that you get yourself some rubber gloves and a couple of empty trash bags and head out to your own dumpster. Find out for yourself what is ending up in your trash. You will probably be amazed and possibly even a little concerned about what you find.

Video   Protect yourself from ID theft Oct. 6: TODAY’s Ann Curry talks to Jim Stickley, author of “The Truth About Identity Theft,” about protecting yourself from becoming a victim of the crime. Today show

Your used computer is worth its weight in gold
Several years ago, I was working for a company that had sales reps located throughout the U.S. One day I received a call from a coworker who was extremely upset about a telephone call he had just received. A man in Las Vegas had called to inform him that he was looking at the files for a number of our corporate clients. In addition, he had access to several months’ worth of corporate email and numerous other memos and proprietary information. While it sounded as if this man was trying to threaten our company, it turned out that he was just irritated at such a ridiculous breach in security and felt obligated to call and tell someone.

Several months earlier, another sales rep who had lived in Las Vegas purchased a personal laptop. While he actually owned the laptop, he used it to telecommute from home to the corporate office. Being a sales rep, he had access to numerous corporate files, email, customer accounts, and so on. After a couple of months, he decided that the laptop was no longer adequate. So he went back to the store where he purchased it and demanded a refund. Unbelievably, he got the refund and returned the computer to the store with all the confidential files still on it. All usernames and passwords saved on the system were left behind[md]emails, memos, files, documents, everything.

Now, one might think that this laptop would have been reformatted and returned to factory specs before being resold. It was clear that it had been used for several months. Unfortunately, however, the laptop was sold to another customer, still containing all the sales rep’s confidential files.

I can only imagine the second owner’s shock when he opened Outlook and it automatically logged into the corporate network and started downloading the sales rep’s latest emails. Fortunately, the second buyer turned out to be honest, and the data on the system was ultimately destroyed. However, not everyone is so lucky and, more importantly, not every situation is quite so obvious.

Each day, thousands of computers containing sensitive data end up being thrown in the trash or donated to individuals and organizations. The problem is that often the computers are simply turned off and boxed up without any thought for the existing data still on the hard drives. These computers often don’t end up in landfills. Instead, they get bundled together with other computers, placed on a pallet, and then sold in bulk at auctions for pennies on the dollar.

Identity thieves have been well aware of these practices for years and seek out auctions where these pallets of computers are being offered. They then take the computers home and, one by one, go through all the data located on the hard drives. Some people do realize the risks related to their hard drives and delete any confidential files before they turn them in. Unfortunately, thieves expect this, so in addition to just looking at the existing data, they run undelete software that goes through the hard drive and finds files that had previously been deleted.

While the thieves are not guaranteed to gain confidential information in this manner, the risk-to-reward payoff is definitely in their favor. Even if just one computer contains just one person’s confidential information, the identity thief will make far more than the small investment he paid for that pallet of computers.

Of course, it’s not just computers that you give away. In other cases, thieves purchase old laptops and computers via sites such as eBay. These computers are often offered by both home users and large corporations. Again, the goal of the thief is to undelete any files on the computer when it arrives with the hopes of gaining information he can use to commit identity theft.

While identity theft is of major concern, there are also the legal issues that can come from data being left on the computer. For example, a lawyer leaving confidential case information on the hard drive could be worth its weight in gold to an identity thief. Again, just deleting the information doesn’t mean that it’s gone. If it were to end up in the wrong hands, the costs could be millions or even billions to the affected corporation.

Destroy your data before retiring a computer
While my suggestion is to simply destroy the hard drive (opening the drive and taking a hammer to the drive platters will do the trick) before disposing of a computer, you won’t necessarily have this option if you are selling the computer. If you are selling a computer with the hard drive(s) still installed, the next best option is to reformat the hard drive using software designed to securely delete the data.

When you delete a file from a computer’s hard drive, the file technically does not go away. Instead, the pointer record that shows where the file is located is removed, but the file itself remains. Over time, some or all of the files will be overwritten as newer programs are saved in its place. With small drives, this can happen quickly, but with large drives, this may take a much longer period of time. Numerous software applications have been designed to locate and undelete your deleted files. These programs are extremely easy to use and take just a few minutes to track down hundreds of previously deleted files.

There is software, however, that has been designed to securely wipe the selected files from the hard drive. In most cases, the software flags where the file was on the hard drive and then writes new data to that location multiple times. The more times it writes data to the previous file’s location, the less likely someone can undelete the original file. Both free and corporate versions of these programs are available to permanently erase your data and software applications. While the free versions may not be quite as user friendly, they are generally just as secure.

It is easy for me to say that you should erase anything that is confidential; ultimately, that may prove harder than you think. Often, operating systems save data, including backups of what you are typing, while you are working on them. Even if you delete the primary file, the backup may still exist hidden away on your drive but easily found by the “undelete” software. For that reason, when possible, I suggest never giving your old computer with the hard drives still installed and intact to anyone who you cannot completely trust. And be sure you destroy your drives before tossing them into the trash.

Excerpted from "The Truth About Identity Theft" by Jim Stickley. Copyright (c) 2008 by Pearson Education. Reprinted with permission from Pearson.

More in Tech & Money Can your name affect your career? The decades top 10 Internet moments   Slideshow: Neat! 2009’s best microscope images

More from TODAY Makeover! New look gets her a proposal Ho-ho-ho! White House Christmas tree arives Sad development: The last Kodachrome film lab Clickable video: Hottest tech gifts of 2009 Star quality? Get your guy on the TODAY show

MORE FROM TODAY BOOKS: MONEY

Jim Cramer: How to invest in current economy

Jim Cramer: How to invest in current economy Help! I'm buried in bills and my credit is bad Rules of dating can help you land a dream job   Young millionaires share their secrets High gas prices may be good for us, author says How ‘The Roof Caved’ on Wall Street ‘Gift to My Children’ teaches about money, life Reach financial goals in your 20s and 30s How to ‘Fight for Your Money’ Be savvy! 10 ways to save on groceries   Add Today Books: Money headlines to your news reader: