Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Folder Security best practise

Posted on 2016-08-01
5
Medium Priority
?
36 Views
Last Modified: 2016-08-22
So we currently have 150 users who have access to the J: XXX and the V: XXX these shares have security groups which give permissions to all folders within the share.

We had an issue with users stealing documents before they leave.

My question is what would be best practice when a user hands in there resignation - would I just give the user access to the folders they need access to within the shares or is there a better solution?

Please advise
0
Comment
Question by:Technical Information
5 Comments
 
LVL 4

Expert Comment

by:Alexandre Michel
ID: 41737539
Hi

It is very hard to stop someone from stealing information if they have access to your server.
You can certainly change their permissions when they give their resignation, but you should discuss this with their direct supervisor. Doing this might affect their work and stop them from working efficiently  ... and could possibly aggravate them.

Someone that wants to steal  from your company, can very well start copying files & folders well before they submit their resignation.

Unless you invest in 3rd party applications, if they can read a folder, then they can copy the content of the folder and it is hard to monitor, prove, alert you they are doing this right now. You can block access to USB ports, you can block access to cloud storage devices, you can monitor emails, etc...

This where a good employment contract  covers your company against such actions

Assuming the employee stole the information to use at his/her next employer, you can contact the next employer (via a law firm) and inform them they risk legal action if they do not delete immediately any copy of the stolen info (as a Network Admin in a company that had just hired someone that had - unknown to us - also stolen info from his previous employer, I was at the receiving end of such letter)

Alex
0
 
LVL 2

Author Comment

by:Technical Information
ID: 41737591
Thanks for the advice - I understand the above but would like instructions regarding Folder security
0
 
LVL 43

Accepted Solution

by:
Adam Brown earned 1000 total points (awarded by participants)
ID: 41737616
There isn't a way to prevent people from taking files they have access to with just the normal Folder security settings. What you would need to utilize is a Data Loss Prevention (DLP) solution. With just windows server, you would utilize AD Rights Management Services to limit users' ability to copy data to other locations, forward messages, or perform other actions with files that are not covered specifically by file permissions. https://technet.microsoft.com/en-us/library/cc771627(v=ws.11).aspx has a lot of information on AD RMS that should help you understand some of what you can do.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 1000 total points (awarded by participants)
ID: 41739729
We have implemented Fortigate as DLP;  Its an automated preventive device that can block sensitive information from leaving the internal network, while at the same time logging the offenders. http://cookbook.fortinet.com/preventing-data-leaks/
0
 
LVL 43

Expert Comment

by:Adam Brown
ID: 41764164
Closing. Noted answers give the information requested or provide solutions that meet the original question requirements
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question