Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Protect company confidential data when employee is on leave to set up his own company

Posted on 2015-02-23
6
Medium Priority
?
120 Views
Last Modified: 2015-03-04
Hi

We have an employee who just handed in the notice of leaving. That person has access to company computer and laptop and also has usb drive with some of the data. He is using company's emails hosted on our Exchange 2003 server.
I need to be able to monitor/audit the information he is accessing and the emails he is deleting/forwarding. It would be good if I could wipe his laptop/smartphone remotely. Additionally, I need to be able to retain control over our data so he just doesn't walk away with it and doesn't do any damage.

I welcome all the ideas but would prefer checked and tested solutions.

Thank you
Tom
0
Comment
Question by:Tom Skowyrski
6 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 40625425
Tom,

Auditing enabled on all document shares if your firm does not already using a document anagement system that records all access.

You should check with legal.  If the firm is not concerned, why are you?

Presumably, the firm has a legal framework ..............
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 668 total points
ID: 40625464
Two words.

Gardening Leave.

Well three.. lawyers.

This is one of those things that IT should not be driving. If he has handed in his notice to start his own company then he should be escorted from the building.
Although it is probably too late. If there was anything he wanted he has already lifted copies of it and will not touch anything else while on notice.

Ultimately you are going to be limited on what you can do. While it is possible to audit access, particularly with Exchange you cannot do so at an item level. Furthermore you cannot audit an individual easily. Auditing is one of those things that needs to be planned carefully, otherwise you end up with a lot of lots (and I mean a LOT) which you cannot do anything with.

Simon.
0
 

Author Comment

by:Tom Skowyrski
ID: 40625495
Hi Simon

Luckily my customer understands the situation and the IT position a little bit more than I thought they will as I have just spoken to the MD and was informed that they are seeking legal advice. The point is that  they are fully aware that everything he needed he has already copied (probability of that is 99%). It is just the case of knowing the options I guess. I talked to the about the following:
* we can recover his deleted emails on exchange so we can review anything he was trying to hide
* we can remotely delete the files on his work laptop and his pc (I am using Logmein Pro)
* we can set the Deny permission on the files and folders he should not have access to
* we can limit his vpn access
Saying that, I was wondering if there is anything else I can do that I am not aware of?

Also, could you please answer the additional questions I have at the moment:
* what is the default policy on Exchange 2003 for keeping Deleted Items?
* can I set up auto forwarding of the sent items to somebody else? Maybe using rules in OWA?
* I would like to use Deny permission for minimising the possibility of the need to restore files from backup shall the employee turn nasty. Do you think that is a good idea?
* is there a permission to prevent user from deleting items while keeping the read/write access?

regards,
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Tom Skowyrski
ID: 40625508
Arnold, we only use standard/default auditing on the SBS 2003 file server. From my experience, this is not enough to record the access to the documents, is it?  
Can you give me few example of document management systems that record all access to files?

It is possible that we can use this situation as the lesson to improve the systems and put policies in place. I would appreciate any information which could make it all easier in the future.

regards,
0
 
LVL 12

Assisted Solution

by:andreas
andreas earned 668 total points
ID: 40625528
You only can prevent data stealing if.

1. All emails outgoing are audited
2. Employees do not have access to any external mass storage such as usb drives or dvd burners
3. All files need to be saved encrypted and can only be encrypted with a smartcard. Users should not be able to save to unebcrypted files/folders.

So once you want an employee to block access you cancel his smartcard.
Unencrypted copies couldnt be saved b4.

And all outgoing mailings can be monitored. So you could check if employee sends out sensitive informations.

All other things leaves possibilities for leakage. Usually hostile employes on leaving will steal data of use in long run b4 they file leave notices. Once they file they already have what they need/want.

Remite deletion of laptops might not be sucessful if never conected online again.
He already might have images of the harddisk.

Smarthpone content can also be fully backuped if he jailbreaked\ rooted the device.

When employees are able to take files out during employment time you cant prevent stealing.

For current case cancel all logins of that employee and put him on paid leave until contract ends.
0
 
LVL 80

Assisted Solution

by:arnold
arnold earned 664 total points
ID: 40626122
Most document management systems opentext ECM, documentum, alfresco.  Each document has to be checked out by the user. Alterations are maintain through versioning.

Trying to restrict now access to file the individual should have had rights to access is .....

Check a share on the sbs, check its properties, advanced, auditing tab, is there It enabled?

This enables the auditing on a file basis, you could enable auditing just for this user to any/all shares.  These events are recorded in the eventlog (security I believe) so you have to make sure it is large enough as well as .........

Splunk is a tool that can aggregate event log entries and is searchable, etc.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question