Hi,
Greetings!
In our company, our confidential information is leaking through employees. We have cameras in place. Could any of you guide me on what system you are adopting in your organization?
Thanks,
Minal
From India, Vadodara
Acknowledge(0)
Amend(0)
Greetings!
In our company, our confidential information is leaking through employees. We have cameras in place. Could any of you guide me on what system you are adopting in your organization?
Thanks,
Minal
From India, Vadodara
Acknowledge(0)Amend(0)
Dear Minal,
You may not be able to control the leakage of information through the cameras that are installed. Concentrate on the following points:
a) Is there any pattern in the leakage of information?
b) Who are the custodians of information? Are they security conscious?
c) Has the leakage taken place of soft information or hard information?
d) Have you disabled USB drives or floppy drives? Who can access the internet? Do you perform checks on the emails that employees send (it may not be possible to have a 100% check, but some percentage check has to be done)?
e) Do you conduct checks of abandoned papers at the photocopying machine? Do you check the employees' dustbins before throwing the garbage (this may sound like a dirty job, but it has to be done)?
f) Do you check the employees' desks after their exit? How many of them lock their drawers or cupboards, and how many do not?
g) Who has access to the duplicate keys? How frequently do you rotate the keys? How often do you change the locks?
h) Are visitors allowed to take their laptops inside? If yes, do security personnel make appropriate records?
Ok...
Dinesh V Divekar
"Limit of your words is the limit of your world"
From India, Bangalore
Acknowledge(0)Amend(0)
8032You may not be able to control the leakage of information through the cameras that are installed. Concentrate on the following points:
a) Is there any pattern in the leakage of information?
b) Who are the custodians of information? Are they security conscious?
c) Has the leakage taken place of soft information or hard information?
d) Have you disabled USB drives or floppy drives? Who can access the internet? Do you perform checks on the emails that employees send (it may not be possible to have a 100% check, but some percentage check has to be done)?
e) Do you conduct checks of abandoned papers at the photocopying machine? Do you check the employees' dustbins before throwing the garbage (this may sound like a dirty job, but it has to be done)?
f) Do you check the employees' desks after their exit? How many of them lock their drawers or cupboards, and how many do not?
g) Who has access to the duplicate keys? How frequently do you rotate the keys? How often do you change the locks?
h) Are visitors allowed to take their laptops inside? If yes, do security personnel make appropriate records?
Ok...
Dinesh V Divekar
"Limit of your words is the limit of your world"
From India, Bangalore
Acknowledge(0)Amend(0)
Usually companies follow a system where every mail that goes out stored with sysy admin .So it can be chceked if it is done in soft info way..............
From India, New Delhi
Acknowledge(0)Amend(0)
From India, New Delhi
Acknowledge(0)Amend(0)
Hi, It may be that few of your consultants/Vendors involved in it. One preventive action plan may be prepare a NDA (Non disclsoure agreement) & get it signed from your employees & consultants.
From India, Delhi
Acknowledge(0)Amend(0)
From India, Delhi
Acknowledge(0)Amend(0)
First of all, you must draft a code of conduct policy and circulate it to all. In this policy, define the punishment for leaking confidential information. If individuals are aware of the potential outcome, they are less likely to engage in such behavior. Should they repeat the offense, management is then free to take action, as outlined in the code of conduct and standing order terms.
This system serves to restrain the leaking of confidential information. Additionally, if you are familiar with the individuals involved, providing a moral lecture on a one-to-one basis or in a group setting can have a direct impact, prompting them to consider the consequences of their actions.
I believe that these approaches will be effective in addressing the issue.
P. K. MISHRA
From India
Acknowledge(0)Amend(0)
This system serves to restrain the leaking of confidential information. Additionally, if you are familiar with the individuals involved, providing a moral lecture on a one-to-one basis or in a group setting can have a direct impact, prompting them to consider the consequences of their actions.
I believe that these approaches will be effective in addressing the issue.
P. K. MISHRA
From India
Acknowledge(0)Amend(0)
Dear Minal,
While placing cameras at strategic locations is a definite advantage, it is not the only control measure you can implement. Assuming you have yet to identify the source of the leakage, there are some questions that need to be addressed:
1. Do you use computers?
2. Do you have an internet connection? If so, they may be sharing information over the internet.
3. Word-of-mouth information sharing is usually difficult to monitor, but having proper policies and procedures in place can be beneficial. Do you have established policies outlining what constitutes confidential information within your organization and that sharing such information is prohibited?
Suggestions can be provided once the current situation is clarified, which will aid in better understanding the issue.
Regards,
Sripati
Information Security Compliance
From India, Hyderabad
Acknowledge(0)Amend(0)
While placing cameras at strategic locations is a definite advantage, it is not the only control measure you can implement. Assuming you have yet to identify the source of the leakage, there are some questions that need to be addressed:
1. Do you use computers?
2. Do you have an internet connection? If so, they may be sharing information over the internet.
3. Word-of-mouth information sharing is usually difficult to monitor, but having proper policies and procedures in place can be beneficial. Do you have established policies outlining what constitutes confidential information within your organization and that sharing such information is prohibited?
Suggestions can be provided once the current situation is clarified, which will aid in better understanding the issue.
Regards,
Sripati
Information Security Compliance
From India, Hyderabad
Acknowledge(0)Amend(0)
Dear Minal,
If the data is in electronic form, you can implement the following points:
A. Block the USB ports of the critical machines, i.e. Desktops, Printers, and Laptops.
B. Put watermarks on all documents with your company's logo. The server needs to filter such documents and block those containing the watermark.
C. Enable documents with passwords to authenticate sharing and viewing.
D. Maintain track records of data. Settings need to be configured from the server file-sharing systems.
Minal, please let me know if you need any further information.
From India, Mumbai
Acknowledge(0)Amend(0)
If the data is in electronic form, you can implement the following points:
A. Block the USB ports of the critical machines, i.e. Desktops, Printers, and Laptops.
B. Put watermarks on all documents with your company's logo. The server needs to filter such documents and block those containing the watermark.
C. Enable documents with passwords to authenticate sharing and viewing.
D. Maintain track records of data. Settings need to be configured from the server file-sharing systems.
Minal, please let me know if you need any further information.
From India, Mumbai
Acknowledge(0)Amend(0)
Five Ways to Turn Employees into Security Assets for Protecting Data
Sujan
Source: [Five Ways to Turn Employees into Security Assets for Protecting Data - CSO Online - Security and Risk](http://www.csoonline.com/article/343968/five-ways-to-turn-employees-into-security-assets-for-protecting-data?page=1)
From India, Bangalore
Acknowledge(0)Amend(0)
Sujan
Source: [Five Ways to Turn Employees into Security Assets for Protecting Data - CSO Online - Security and Risk](http://www.csoonline.com/article/343968/five-ways-to-turn-employees-into-security-assets-for-protecting-data?page=1)
From India, Bangalore
Acknowledge(0)Amend(0)
Of course, it is a great practical problem.
There is definitely some motivation and behavior problem in your organization.
For your soft data at the earliest, you should contact a good system administrating engineer for server blockage, USB mode blockage, and updated firewall, and hourly tracking of the same.
At the same time, develop some SOPs (Standard Operating Procedures) for your staff.
Try to develop a paperless system in your organization.
Ask all employees not to bring any bag/paper when they come to the office except for the lunch box.
Ask your security system to check everyone thoroughly, including top management staff, at the time of arrival and departure from the office.
Track all incoming and outgoing telephone calls.
Ask all your employees to use the landline phones connected to an updated recording and monitoring system for internal training and tracking purposes.
First, develop all these things and then call a general meeting with all the HODs to explain the same. Also, be strict with them if they do not follow the rules and regulations.
Initially, they might be against you, but ultimately they will either change themselves or quit the company.
It is better for a pool to drain the stagnant water at regular intervals!
For further discussion, please feel free to contact me at "thebanerjies@gmail.com."
Regards,
Ratul
From India, New Delhi
Acknowledge(0)Amend(0)
There is definitely some motivation and behavior problem in your organization.
For your soft data at the earliest, you should contact a good system administrating engineer for server blockage, USB mode blockage, and updated firewall, and hourly tracking of the same.
At the same time, develop some SOPs (Standard Operating Procedures) for your staff.
Try to develop a paperless system in your organization.
Ask all employees not to bring any bag/paper when they come to the office except for the lunch box.
Ask your security system to check everyone thoroughly, including top management staff, at the time of arrival and departure from the office.
Track all incoming and outgoing telephone calls.
Ask all your employees to use the landline phones connected to an updated recording and monitoring system for internal training and tracking purposes.
First, develop all these things and then call a general meeting with all the HODs to explain the same. Also, be strict with them if they do not follow the rules and regulations.
Initially, they might be against you, but ultimately they will either change themselves or quit the company.
It is better for a pool to drain the stagnant water at regular intervals!
For further discussion, please feel free to contact me at "thebanerjies@gmail.com."
Regards,
Ratul
From India, New Delhi
Acknowledge(0)Amend(0)Looking for something specific? - Join & Be Part Of Our Community and get connected with the right people who can help. Our AI-powered platform provides real-time fact-checking, peer-reviewed insights, and a vast historical knowledge base to support your search.
Information Security Awareness.ppt
Confidential Information & Protection-II.d ocx