Imagine you have a sales guy for a few years and he quits on you one day to go work for a competitor. Their manager then asks the HR department for a copy of the person’s signed NDA and asks IT Company to allow access to their inbox and to forward all emails to a different salesperson. When the manager logs in to view their inbox, there are ZERO emails. Panicked, they then go to check all the files on their computer and see that many folders are empty…
We are not a law firm, so you will have to talk with your attorney about how to handle NDA portion of thisdetail, but what I do know is that you have to show proof of how the information was taken. This is where making sure your IT systems are correctly setup allows getting this proof possible and easy.
Here are 7 things you can ask your IT company to do so it is easier to enforce an employee NDA (and recover lost data):
1. Expand & enable computer audit logs
An audit log is a document that records an event in an information (IT) technology system. It typically documents what resources were accessed, a timestamp and user login information. By default, computers have some logging enabled, however, we always increase the size of it by 10-20x because the audit log will begin to overwrite itself as soon as it reaches the max size allowed, thus leaving you with no proof of what happened because there can be millions of events that happen in just a few days. You’ll want this audit log so you can prove that the employee stuck a USB drive into a computer prior to leaving and it’s even more helpful if your audit log has enough historical data to show that this isn’t typical behavior.
2. Enable logging on your email
Like computers, your email server has some logging enabled by default, however, you’ll want your IT company to expand it’s size by 20-50x to make sure enough historical data is captured. The larger your company, the larger you need to expand the log. These logs will allow you to see when a user logged in, when they deleted emails and give IT the ability to look for user behavior anomalies.
3. Disable USB drives entirely
In this day and age, who really needs to use USB drives anymore? Most people use email and a file collaboration tool such as Box, OneDrive, etc to share and access company data. It’s easier to control what happens in those two systems than a USB drive, so at this point you can have your IT company disable the ability for anyone to actually use a USB drive on your company computers. They will be able to stick the USB into the computer, but they won’t be able to access or see the USB drive on their computer.
Our President just wrote an article for Forbes mentioning how this is also a huge security threat. Check that article out here: How To Protect Your Organization From Viruses And Malware
4. Implement email archiving for both inbound and outbound email
This will allow you to determine if someone deleted a ton of emails before they left your company, which will give you both proof and easy access to what they tried to delete. This will be especially important to have if they sent sensitive information to your competitor or to their personal email account. Why on earth would they send how you price your product/service to their personal email account? It is also key that no user has the ability to delete the archived emails!
5. Use a file sync tool that tracks what users do and can restore deleted files
We use and recommend an enterprise-class file sync and sharing solution for small businesses (it’s like Dropbox on steroids) which allows us to see which user revised and deleted any file and when. Logs won’t tell you how many revisions there have been to a file. The file sync tool also gives us the ability to restore to a certain revision of a doc or even restore entire deleted files incredibly quickly, which can be very important to showing proof of what happened to your data.
6. Use file tracking software
If you need even more granular control of what happens to your data, you can use file tracking software that will keep a log of what and when your employees copy, move or change data. It will even allow you to dictate which software programs are allowed to access your data (ie if your company uses Slack for team messaging and collaboration, then this software would prevent your employees from being able to use Skype to send files). Even if you enable all logging, you still won’t be able to tell if a file has been copied on a computer. You also won’t be able to tell how many revisions there have been to file. You can also tell which users have opened and manipulated a file, as well as what programs have been used to access the data (like if they dragged that internal price list into Outlook).
7. Use DLP policies to prevent sensitive things from being shared through email
Data loss prevention (DLP) is an approach that seeks to protect sensitive business information by preventing end-users from moving key information outside of your network. You can have your IT company setup a DLP policy to alert certain staff that an employee just emailed your internal price list to an external email, or you can setup the policy to alert and block the email from ever sending out in the first place.