Solved

Folder Security best practise

Posted on 2016-08-01
5
28 Views
Last Modified: 2016-08-22
So we currently have 150 users who have access to the J: XXX and the V: XXX these shares have security groups which give permissions to all folders within the share.

We had an issue with users stealing documents before they leave.

My question is what would be best practice when a user hands in there resignation - would I just give the user access to the folders they need access to within the shares or is there a better solution?

Please advise
0
Comment
Question by:Technical Information
5 Comments
 
LVL 4

Expert Comment

by:Alexandre Michel
ID: 41737539
Hi

It is very hard to stop someone from stealing information if they have access to your server.
You can certainly change their permissions when they give their resignation, but you should discuss this with their direct supervisor. Doing this might affect their work and stop them from working efficiently  ... and could possibly aggravate them.

Someone that wants to steal  from your company, can very well start copying files & folders well before they submit their resignation.

Unless you invest in 3rd party applications, if they can read a folder, then they can copy the content of the folder and it is hard to monitor, prove, alert you they are doing this right now. You can block access to USB ports, you can block access to cloud storage devices, you can monitor emails, etc...

This where a good employment contract  covers your company against such actions

Assuming the employee stole the information to use at his/her next employer, you can contact the next employer (via a law firm) and inform them they risk legal action if they do not delete immediately any copy of the stolen info (as a Network Admin in a company that had just hired someone that had - unknown to us - also stolen info from his previous employer, I was at the receiving end of such letter)

Alex
0
 
LVL 1

Author Comment

by:Technical Information
ID: 41737591
Thanks for the advice - I understand the above but would like instructions regarding Folder security
0
 
LVL 39

Accepted Solution

by:
Adam Brown earned 250 total points (awarded by participants)
ID: 41737616
There isn't a way to prevent people from taking files they have access to with just the normal Folder security settings. What you would need to utilize is a Data Loss Prevention (DLP) solution. With just windows server, you would utilize AD Rights Management Services to limit users' ability to copy data to other locations, forward messages, or perform other actions with files that are not covered specifically by file permissions. https://technet.microsoft.com/en-us/library/cc771627(v=ws.11).aspx has a lot of information on AD RMS that should help you understand some of what you can do.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 250 total points (awarded by participants)
ID: 41739729
We have implemented Fortigate as DLP;  Its an automated preventive device that can block sensitive information from leaving the internal network, while at the same time logging the offenders. http://cookbook.fortinet.com/preventing-data-leaks/
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41764164
Closing. Noted answers give the information requested or provide solutions that meet the original question requirements
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question