General discussion


Prevent files from leaving office?

By edacevedo1 ·
I would appreciate any suggestions on preventing business files from being copied and taken home by employees. I?ve considered removing floppy drives and disabling USB ports. Are there any other areas that can be and should be secured? Is it possible to prevent a file from being accessed if it is not residing on a specific server or workstation? Bottom line, how can an employer give file access to employees while in the office, yet prevent those employees from accessing those files outside of the office?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by Toivo Talikka In reply to Prevent files from leavin ...

Make sure the employees cannot install any utilities or applications which would send files or screen images to their own server. Make sure there is no spyware, trojans or viruses on any of the workstations or servers. Limit the type of file attachments people can send and have a content scan done on all the emails for key words or suspicious content.

If you can scramble the files and create special applications to access them, making sure the applications and methods are not generally available, your files would be pretty safe. Unless one of your employees has access to a supercomputer, of course.

Not so long ago some applications required hardware dongles to work. Encryption in general would improve security. Have a look what digital keys can do for you.

Limit access to the server directories. You should also enable some level of auditing, to have a record who has accessed the confidential files and when. Limit the logon times to working hours and check the security logs on a daily basis, or have an application send any alerts to your mobile phone or paging device.

Update your company's IT security policy, publish it and make your employees aware that monitoring is going on and that stealing information is a dismissable offence.

In addition to monitoring by way of logging events, you could also practice good old management by walking around and do a bit of shoulder surfing to see what the employees get up to.

If the employees have access to information on their screens through a browser, you can set up a stylesheet which disables printing.

If you remove floppy drives and USB memory sticks, you should ban mobile phones with digital cameras, too.

Maybe a brainscan before they leave the premises?

Seriously, make sure your actions comply with the local legistlation. Your employees should sign some undertaking of confidentiality, unless this is already part of their contract of employment.

Collapse -

by Toivo Talikka In reply to

I guess somehow one would have to prevent screen snapshots (Alt-PrintScreen, then paste into a document) from being printed, too.

However, I still think that the biggest information leaks happen don't involve printouts or electronic media, they just walk out of the door, and, as everyone knows, 'loose lips sink ships'.

Collapse -

by muthukumar.g In reply to Prevent files from leavin ...

i would suggest a secured file server with encrypted file storage facility, can be accessed from permitted IP range. I hope there are number of such systems available in market - ofcourse an administrator is also required to take care of managing sytems and logs..

Collapse -

by bart777 In reply to Prevent files from leavin ...

There is a great set of programs that will allow you to control access to USB type devices and still give the users the ability to work.

I have used the product at a few financial institutions and they like it a lot. You can set it up so that users can use the USB ports for some devicess but if they try to put a memory type device in the machine it will encrypt the memory stick so that it can only be accessed from that one machine or another on the netowrk.

Real handy program and fully configurable depending on how tight you want the network to be.

Good luck

Collapse -

by OTL In reply to Prevent files from leavin ...

I may not be the Lightest Bright bulb out of the box, but what prevents them from printing the file to take home ? (OCR's are wonderful now! )

Collapse -

by pierrejamme In reply to Prevent files from leavin ...

Whatever happened to Responsible supervision?
Oh well,

Collapse -

by hozcanhan In reply to Prevent files from leavin ...

eacevedo , "how can an employer give file access to employees while in the office, yet prevent those employees from accessing those files outside of the office?" . YOU have to spend a bit if you want a professional solution . The remedy is electronic document management ( those that include encryption as well ) IF NOT , you can "devise" a method for your own site. Set up all file servers and document saves as encrypted data . Put the keys on the clients and local files as you defined . Change the keys regulary . A person taking an encrypted file home cannot read it without the key ! no one should know where the key file resides .

Collapse -

by secureplay In reply to Prevent files from leavin ...

The real question is... how serious is this problem and what is the value of the material that is being protected?

First, you should have a clear, written policy that all of your employees need to sign about the confidentiality of company information and that removal of such information without approval is a firing offence and may open them up to civil or criminal litigation.

Second, you should minimize the amount of truly sensitive information and all such information should be clearly marked.. not everything is "classified". Also, by making such a clear distinction, you will support a legal case that you are not just protecting everything.

Third, if the information is this sensitive...why is it online in a shared environment? Physically control highly sensitive material. Payroll should not be online for everyone to see. Separate computers or removable hard drives are cheap and effective solutions to physically isolate and protect your most sensitive information.

Fourth, use tools to make access to sensitive information accountable either with physical or electronic logs so that if information is disclosed, you know who may have done it and assess the damage and recover (and sue or prosecute).

Finally, look at access control tools & device restrictions... they may work, but they are often circumventable.

Related Discussions

Related Forums