Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 40
  • Last Modified:

Folder Security best practise

So we currently have 150 users who have access to the J: XXX and the V: XXX these shares have security groups which give permissions to all folders within the share.

We had an issue with users stealing documents before they leave.

My question is what would be best practice when a user hands in there resignation - would I just give the user access to the folders they need access to within the shares or is there a better solution?

Please advise
0
Technical Information
Asked:
Technical Information
2 Solutions
 
Alexandre MichelManager; IT ConsultantCommented:
Hi

It is very hard to stop someone from stealing information if they have access to your server.
You can certainly change their permissions when they give their resignation, but you should discuss this with their direct supervisor. Doing this might affect their work and stop them from working efficiently  ... and could possibly aggravate them.

Someone that wants to steal  from your company, can very well start copying files & folders well before they submit their resignation.

Unless you invest in 3rd party applications, if they can read a folder, then they can copy the content of the folder and it is hard to monitor, prove, alert you they are doing this right now. You can block access to USB ports, you can block access to cloud storage devices, you can monitor emails, etc...

This where a good employment contract  covers your company against such actions

Assuming the employee stole the information to use at his/her next employer, you can contact the next employer (via a law firm) and inform them they risk legal action if they do not delete immediately any copy of the stolen info (as a Network Admin in a company that had just hired someone that had - unknown to us - also stolen info from his previous employer, I was at the receiving end of such letter)

Alex
0
 
Technical InformationAuthor Commented:
Thanks for the advice - I understand the above but would like instructions regarding Folder security
0
 
Adam BrownSr Solutions ArchitectCommented:
There isn't a way to prevent people from taking files they have access to with just the normal Folder security settings. What you would need to utilize is a Data Loss Prevention (DLP) solution. With just windows server, you would utilize AD Rights Management Services to limit users' ability to copy data to other locations, forward messages, or perform other actions with files that are not covered specifically by file permissions. https://technet.microsoft.com/en-us/library/cc771627(v=ws.11).aspx has a lot of information on AD RMS that should help you understand some of what you can do.
0
 
Fadi SODAH (aka madunix)Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP, SCSC and SCECommented:
We have implemented Fortigate as DLP;  Its an automated preventive device that can block sensitive information from leaving the internal network, while at the same time logging the offenders. http://cookbook.fortinet.com/preventing-data-leaks/
0
 
Adam BrownSr Solutions ArchitectCommented:
Closing. Noted answers give the information requested or provide solutions that meet the original question requirements
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now