Link to home
Start Free TrialLog in
Avatar of roy_batty
roy_battyFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Setting up a honeypot to test a staff member for trustworthyness

I have been tasked with setting up a honeypot to test whether a particular member of staff is steeling company data. This staff member has been warned before and has admitted he has stolen data in the past.

The manager has give him a second chance but still feels he is taking advantage of his position to access and make copies of the data for himself.

He has asked me to set up a file containing containing fake information and then he wants be to monitor said file for suspicious activity.

Does anyone have any advice on how I can technically achieve this?
ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of btan
btan

if it is a clear cut case of behavior abuses and staff is still allowed to continue on the job then this is the risk which I doubt it is the case or even a company HR policy . henceforth, it is likely to be the case of minor charge (and probably in view of staff contribution), the second chance is allowed then monitoring will not bode well on the employer end - furthermore we need to ask ourselves if this is a consistent treat to all such cases and even make privately only to staff or to all. It does make a difference to the message sent across to everyone including mgmt. and not to the staff of concern.

of course, we are not talking about public shaming and preaching just proper usage, but the annual regime for acceptable usage policy is essential reminder at wide and specific role/involvement of staff in job function for project need to have another AUP catered to it - for the case of awareness of abuses of special privileges in such involvement. Insider threat programme should be planned rather than an one-off target employee one by one adhoc or demand basis.

Privacy protection need to stay in course with incident handling such that company reputation will not be at stake. There are cases where leaking of company IP via staff inadvertently and cases where staff simply being too reckless and being spied by adversary. Eventually evidence trail leading to chain of event need to be investigated and having those monitoring effort may rather be collective rather than a single one-off deployment. It needs to be planned out carefully and supported by mgmt. - safeguard yourself of unnecessary accusation too on the action to be taken. chain of custody is a need and not a want.

Instead of "spying" maybe think of instead reviewing the staff usage and privileges or change of role function if remaining in the company for a period of "restriction" to proof the staff integrity before admitting him into any strategic involvement. Otherwise, strict messaging such as tolerance to any abuses and unauthorized action should not be tolerated and this need strong message to everyone - no second is (and will ever be) given - this is not fear instilling but part of discipline and enforcement.
Avatar of roy_batty

ASKER

Thnaks
Thank you Roy