How Do You Prevent Confidential Information Leaks in Your Company?

Hi,

Greetings!

In our company, our confidential information is leaking through employees. We have cameras in place. Could any of you guide me on what system you are adopting in your organization?

Thanks,
Minal

Dear Minal,

You may not be able to control the leakage of information through the cameras that are installed. Concentrate on the following points:

a) Is there any pattern in the leakage of information?
b) Who are the custodians of information? Are they security conscious?
c) Has the leakage taken place of soft information or hard information?
d) Have you disabled USB drives or floppy drives? Who can access the internet? Do you perform checks on the emails that employees send (it may not be possible to have a 100% check, but some percentage check has to be done)?
e) Do you conduct checks of abandoned papers at the photocopying machine? Do you check the employees' dustbins before throwing the garbage (this may sound like a dirty job, but it has to be done)?
f) Do you check the employees' desks after their exit? How many of them lock their drawers or cupboards, and how many do not?
g) Who has access to the duplicate keys? How frequently do you rotate the keys? How often do you change the locks?
h) Are visitors allowed to take their laptops inside? If yes, do security personnel make appropriate records?

Ok...

Dinesh V Divekar

"Limit of your words is the limit of your world"

Usually, companies follow a system where every email that is sent out is stored with the system administrator. This allows for easy checking to ensure that it is done in a safe and secure manner.

Hi,

It may be that few of your consultants/vendors are involved in it. One preventive action plan may be to prepare a NDA (Non-disclosure Agreement) and get it signed from your employees and consultants.

First of all, you must draft a code of conduct policy and circulate it to all. In this policy, define the punishment for leaking confidential information. If individuals are aware of the potential outcome, they are less likely to engage in such behavior. Should they repeat the offense, management is then free to take action, as outlined in the code of conduct and standing order terms.

This system serves to restrain the leaking of confidential information. Additionally, if you are familiar with the individuals involved, providing a moral lecture on a one-to-one basis or in a group setting can have a direct impact, prompting them to consider the consequences of their actions.

I believe that these approaches will be effective in addressing the issue.

P. K. MISHRA

Dear Minal,

While placing cameras at strategic locations is a definite advantage, it is not the only control measure you can implement. Assuming you have yet to identify the source of the leakage, there are some questions that need to be addressed:

1. Do you use computers?
2. Do you have an internet connection? If so, they may be sharing information over the internet.
3. Word-of-mouth information sharing is usually difficult to monitor, but having proper policies and procedures in place can be beneficial. Do you have established policies outlining what constitutes confidential information within your organization and that sharing such information is prohibited?

Suggestions can be provided once the current situation is clarified, which will aid in better understanding the issue.

Regards,
Sripati
Information Security Compliance

Dear Minal,

If the data is in electronic form, you can implement the following points:

A. Block the USB ports of the critical machines, i.e. Desktops, Printers, and Laptops.
B. Put watermarks on all documents with your company's logo. The server needs to filter such documents and block those containing the watermark.
C. Enable documents with passwords to authenticate sharing and viewing.
D. Maintain track records of data. Settings need to be configured from the server file-sharing systems.

Minal, please let me know if you need any further information.

Five Ways to Turn Employees into Security Assets for Protecting Data

Sujan

Source: [Five Ways to Turn Employees into Security Assets for Protecting Data - CSO Online - Security and Risk](http://www.csoonline.com/article/343968/five-ways-to-turn-employees-into-security-assets-for-protecting-data?page=1)

Of course, it is a great practical problem.

There is definitely some motivation and behavior problem in your organization.

For your soft data at the earliest, you should contact a good system administrating engineer for server blockage, USB mode blockage, and updated firewall, and hourly tracking of the same.

At the same time, develop some SOPs (Standard Operating Procedures) for your staff.

Try to develop a paperless system in your organization.

Ask all employees not to bring any bag/paper when they come to the office except for the lunch box.

Ask your security system to check everyone thoroughly, including top management staff, at the time of arrival and departure from the office.

Track all incoming and outgoing telephone calls.

Ask all your employees to use the landline phones connected to an updated recording and monitoring system for internal training and tracking purposes.

First, develop all these things and then call a general meeting with all the HODs to explain the same. Also, be strict with them if they do not follow the rules and regulations.

Initially, they might be against you, but ultimately they will either change themselves or quit the company.

It is better for a pool to drain the stagnant water at regular intervals!

For further discussion, please feel free to contact me at "thebanerjies@gmail.com."

Regards,

Ratul

Best option is to get certified for information security management system (ISO 27001:2005) from any reputed certification agency.

---

The best option is to obtain certification for the Information Security Management System (ISO 27001:2005) from a reputable certification agency.

If there is any doubt about leakage, try to prove it. As a disciplinary action, shift him/her out of the department mercilessly.

Hi, this is Suresh. Recently, I've joined as an Assistant HR Executive in a shopping mall. According to my knowledge, mistakes have been made in the following aspects:

1. Delegation of authority.
2. Focus on technical loopholes, such as data protection.
3. Accountability of the superiors for mistakes.

Please let me know if you need further clarification or assistance.