Social Engineering Tip #43 – Shred All Handwritten Notes

One of the most overlooked information security practices is the shredding of handwritten notes. Part of our ethical hacking engagements, also known as penetration testing, is trying to discover information about the organization or system through its users. This practice of social engineering is a core component of an ethical hacking exercise.

Many organizations have trained their employees to shred PHI, PII, PCI and other P-whatever-I that gets printed out. What we find, though, is that many organizations have tons of valuable information that is handwritten but never destroyed. During social engineering tests, these handwritten notes can often be found in various trash or recycling bins.

These handwritten notes often contain small amounts of very sensitive information such as security codes, combinations, account numbers or other information that could aid in creating a successful technology attack.

To ensure information security and protect against these social engineering efforts, remind your users that handwritten notes are no different than printed pages, and that the best thing that can be done to thwart a hacking incident is to shred those notes.

Nate Freidhoff