Employees can steal data via personal flash drives and email. If an employee needs to work from home or take documents home from the office always have them check with your IT department and their supervisor to ensure they are following corporate policy. As an added measure of safety, have your IT department supply password protected flash drives to that employee after obtaining consent from their supervisor for the employee to use the flash drive. This is a simple system of checks and balances designed to serve as a deterrent.
- Establish clear policies for employees regarding accessing and saving documents and other files on shared network drives or flash drives and most important, internet and email usage.
- Hold regular meetings and trainings for executives and other managers to (re)educate them on your company's network usage policies.
-
For PC based networks, setup restrictions and policy setting on servers using Active Directory (http://www.
microsoft.com/ ) which will be applied on all desktops to restrict users' access to the network and what they are allowed to do on their computers.windowsserver2008/en/us/ad- main.aspx - Install a secure anti-virus software on each server and desktop that has virus, spam and spyware protection to block all traces of viruses, spam and spyware on the systems but most important, your network.
- Configure router and switches to block certain access to unnecessary open ports on the network.
- Setup email monitoring tools and software on your email server to monitor each employee’s use of incoming and outgoing emails and establish a limit and restrict to whom they are may to send external emails.
-
Set-up web filtering software like Websense (http://www.websense.
) or install a device like Cymphonix (http://www.com/content/Products.aspx ), a web gateway, to filter each user’s internet and application use on the network and generate a monthly report on each user’s activity on network, application and internet usage.cymphonix.com/ - Create a shared network drive and grant email access for a backup user for an employee in case of termination where that backup user will have access to that employees files and emails.
- Create a termination policy for 30 days when an employee is terminated to delete their account from the network so they cannot use their user ID to sign into the network or access email.