• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 123
  • Last Modified:

Protect company confidential data when employee is on leave to set up his own company

Hi

We have an employee who just handed in the notice of leaving. That person has access to company computer and laptop and also has usb drive with some of the data. He is using company's emails hosted on our Exchange 2003 server.
I need to be able to monitor/audit the information he is accessing and the emails he is deleting/forwarding. It would be good if I could wipe his laptop/smartphone remotely. Additionally, I need to be able to retain control over our data so he just doesn't walk away with it and doesn't do any damage.

I welcome all the ideas but would prefer checked and tested solutions.

Thank you
Tom
0
Tom Skowyrski
Asked:
Tom Skowyrski
3 Solutions
 
arnoldCommented:
Tom,

Auditing enabled on all document shares if your firm does not already using a document anagement system that records all access.

You should check with legal.  If the firm is not concerned, why are you?

Presumably, the firm has a legal framework ..............
0
 
Simon Butler (Sembee)ConsultantCommented:
Two words.

Gardening Leave.

Well three.. lawyers.

This is one of those things that IT should not be driving. If he has handed in his notice to start his own company then he should be escorted from the building.
Although it is probably too late. If there was anything he wanted he has already lifted copies of it and will not touch anything else while on notice.

Ultimately you are going to be limited on what you can do. While it is possible to audit access, particularly with Exchange you cannot do so at an item level. Furthermore you cannot audit an individual easily. Auditing is one of those things that needs to be planned carefully, otherwise you end up with a lot of lots (and I mean a LOT) which you cannot do anything with.

Simon.
0
 
Tom SkowyrskiAuthor Commented:
Hi Simon

Luckily my customer understands the situation and the IT position a little bit more than I thought they will as I have just spoken to the MD and was informed that they are seeking legal advice. The point is that  they are fully aware that everything he needed he has already copied (probability of that is 99%). It is just the case of knowing the options I guess. I talked to the about the following:
* we can recover his deleted emails on exchange so we can review anything he was trying to hide
* we can remotely delete the files on his work laptop and his pc (I am using Logmein Pro)
* we can set the Deny permission on the files and folders he should not have access to
* we can limit his vpn access
Saying that, I was wondering if there is anything else I can do that I am not aware of?

Also, could you please answer the additional questions I have at the moment:
* what is the default policy on Exchange 2003 for keeping Deleted Items?
* can I set up auto forwarding of the sent items to somebody else? Maybe using rules in OWA?
* I would like to use Deny permission for minimising the possibility of the need to restore files from backup shall the employee turn nasty. Do you think that is a good idea?
* is there a permission to prevent user from deleting items while keeping the read/write access?

regards,
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Tom SkowyrskiAuthor Commented:
Arnold, we only use standard/default auditing on the SBS 2003 file server. From my experience, this is not enough to record the access to the documents, is it?  
Can you give me few example of document management systems that record all access to files?

It is possible that we can use this situation as the lesson to improve the systems and put policies in place. I would appreciate any information which could make it all easier in the future.

regards,
0
 
andreasSystem AdminCommented:
You only can prevent data stealing if.

1. All emails outgoing are audited
2. Employees do not have access to any external mass storage such as usb drives or dvd burners
3. All files need to be saved encrypted and can only be encrypted with a smartcard. Users should not be able to save to unebcrypted files/folders.

So once you want an employee to block access you cancel his smartcard.
Unencrypted copies couldnt be saved b4.

And all outgoing mailings can be monitored. So you could check if employee sends out sensitive informations.

All other things leaves possibilities for leakage. Usually hostile employes on leaving will steal data of use in long run b4 they file leave notices. Once they file they already have what they need/want.

Remite deletion of laptops might not be sucessful if never conected online again.
He already might have images of the harddisk.

Smarthpone content can also be fully backuped if he jailbreaked\ rooted the device.

When employees are able to take files out during employment time you cant prevent stealing.

For current case cancel all logins of that employee and put him on paid leave until contract ends.
0
 
arnoldCommented:
Most document management systems opentext ECM, documentum, alfresco.  Each document has to be checked out by the user. Alterations are maintain through versioning.

Trying to restrict now access to file the individual should have had rights to access is .....

Check a share on the sbs, check its properties, advanced, auditing tab, is there It enabled?

This enables the auditing on a file basis, you could enable auditing just for this user to any/all shares.  These events are recorded in the eventlog (security I believe) so you have to make sure it is large enough as well as .........

Splunk is a tool that can aggregate event log entries and is searchable, etc.
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now