Solved

Protect company confidential data when employee is on leave to set up his own company

Posted on 2015-02-23
6
113 Views
Last Modified: 2015-03-04
Hi

We have an employee who just handed in the notice of leaving. That person has access to company computer and laptop and also has usb drive with some of the data. He is using company's emails hosted on our Exchange 2003 server.
I need to be able to monitor/audit the information he is accessing and the emails he is deleting/forwarding. It would be good if I could wipe his laptop/smartphone remotely. Additionally, I need to be able to retain control over our data so he just doesn't walk away with it and doesn't do any damage.

I welcome all the ideas but would prefer checked and tested solutions.

Thank you
Tom
0
Comment
Question by:it10
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 40625425
Tom,

Auditing enabled on all document shares if your firm does not already using a document anagement system that records all access.

You should check with legal.  If the firm is not concerned, why are you?

Presumably, the firm has a legal framework ..............
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 167 total points
ID: 40625464
Two words.

Gardening Leave.

Well three.. lawyers.

This is one of those things that IT should not be driving. If he has handed in his notice to start his own company then he should be escorted from the building.
Although it is probably too late. If there was anything he wanted he has already lifted copies of it and will not touch anything else while on notice.

Ultimately you are going to be limited on what you can do. While it is possible to audit access, particularly with Exchange you cannot do so at an item level. Furthermore you cannot audit an individual easily. Auditing is one of those things that needs to be planned carefully, otherwise you end up with a lot of lots (and I mean a LOT) which you cannot do anything with.

Simon.
0
 

Author Comment

by:it10
ID: 40625495
Hi Simon

Luckily my customer understands the situation and the IT position a little bit more than I thought they will as I have just spoken to the MD and was informed that they are seeking legal advice. The point is that  they are fully aware that everything he needed he has already copied (probability of that is 99%). It is just the case of knowing the options I guess. I talked to the about the following:
* we can recover his deleted emails on exchange so we can review anything he was trying to hide
* we can remotely delete the files on his work laptop and his pc (I am using Logmein Pro)
* we can set the Deny permission on the files and folders he should not have access to
* we can limit his vpn access
Saying that, I was wondering if there is anything else I can do that I am not aware of?

Also, could you please answer the additional questions I have at the moment:
* what is the default policy on Exchange 2003 for keeping Deleted Items?
* can I set up auto forwarding of the sent items to somebody else? Maybe using rules in OWA?
* I would like to use Deny permission for minimising the possibility of the need to restore files from backup shall the employee turn nasty. Do you think that is a good idea?
* is there a permission to prevent user from deleting items while keeping the read/write access?

regards,
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 

Author Comment

by:it10
ID: 40625508
Arnold, we only use standard/default auditing on the SBS 2003 file server. From my experience, this is not enough to record the access to the documents, is it?  
Can you give me few example of document management systems that record all access to files?

It is possible that we can use this situation as the lesson to improve the systems and put policies in place. I would appreciate any information which could make it all easier in the future.

regards,
0
 
LVL 12

Assisted Solution

by:andreas
andreas earned 167 total points
ID: 40625528
You only can prevent data stealing if.

1. All emails outgoing are audited
2. Employees do not have access to any external mass storage such as usb drives or dvd burners
3. All files need to be saved encrypted and can only be encrypted with a smartcard. Users should not be able to save to unebcrypted files/folders.

So once you want an employee to block access you cancel his smartcard.
Unencrypted copies couldnt be saved b4.

And all outgoing mailings can be monitored. So you could check if employee sends out sensitive informations.

All other things leaves possibilities for leakage. Usually hostile employes on leaving will steal data of use in long run b4 they file leave notices. Once they file they already have what they need/want.

Remite deletion of laptops might not be sucessful if never conected online again.
He already might have images of the harddisk.

Smarthpone content can also be fully backuped if he jailbreaked\ rooted the device.

When employees are able to take files out during employment time you cant prevent stealing.

For current case cancel all logins of that employee and put him on paid leave until contract ends.
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 166 total points
ID: 40626122
Most document management systems opentext ECM, documentum, alfresco.  Each document has to be checked out by the user. Alterations are maintain through versioning.

Trying to restrict now access to file the individual should have had rights to access is .....

Check a share on the sbs, check its properties, advanced, auditing tab, is there It enabled?

This enables the auditing on a file basis, you could enable auditing just for this user to any/all shares.  These events are recorded in the eventlog (security I believe) so you have to make sure it is large enough as well as .........

Splunk is a tool that can aggregate event log entries and is searchable, etc.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question