Securing SBS 2003 data from internal mis-use or robbery

I have an SBS 2003 server and XP Pro workstations. We have less than 10 users. Our data is extremely valuable and often confidential. I have 2 areas which are currently security holes for data in my network:

1. I assign users particular projects. These users have the ability to work with the data (mostly MS Word docs) regarding the project. Other users must not be allowed access.

Possible solution: NTFS permissions. But this does not prevent users with the permission to access files, copying them and making them available to other persons.

2. I need to prevent that any data from leaving our premises (either via email, copying to floppy, USB stick or even the servers hard disk being removed!). Putting it blunting, I don't want data to be stolen!

Possible solution: Encryption using private/public key rings? Administrative nightmare? Expensive?

Any ideas what measures I can put into practise to allow data just to be used by authorised persons and preventing it from wandering outside of our network.

Thanks for your comments.
Who is Participating?
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:

For sure you should be using file Encryption but are you aware of Office 2003's Information Rights Management feature?

I think that this would really be the way for you to manage these things.  It's not expensive (you already have it if you have Office 2003 and Windows Server 2003) and it's fairly easy to manage, considering the complexity of it all.

Then, to stop any document or data from being taken, you need to ensure that you disable all USB ports on each workstation.  But there are many other things to consider, such as emailing information, etc.  You should probably take a look at this article which is quite good:

Have a look at Terminal Services and thin clients, this might prove to be the ultimate solution. Set up a separate Windows 2003 Terminal Server (this will be a completely locked down workstation) and some Wyse thin clients (for example Winterm 1125SE,

True thin clients do not have any means of copying data to other media (no usb, floppy drives, etc) and data cannot be copy/pasted from the client. As long as they can't use e-mail or a webbrowser from the Terminal Server, that is.

100% security is probably utopia. If somebody wants to steal data, they can copy it with pencil and paper.

Terminal Services is a one time investment that, in your situation, will probably be around $4000-$5000 depending on your server performance needs. But it'll protect your data far better than XP clients with encryption and this it offers great central management features.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.