Products
Personal Monitor
Record PC users's actions, grab screenshots and passwords
Keylogger
Keystrokes recording software. Keylogger free trial
Hoverwatch
Cell phone and computer spy
Employee Monitor
Access and control the time spent by your workers
Terminal Monitor
Track employee activities on Terminal Server
Free Keylogger
Free keyboard logger keeps track of all typed text

Corporate information security

13 December 2010, by — admin ()

The human factor has always been and will probably always be the weakest link in corporate security. At the same time, the larger a company is, the more expensive its know-how’s are the harder it is to prevent leaks into the outside world.

How can you protect your company from such risks without breaking the law and losing the common sense?

As a rule, the task of providing corporate security is broken into two discrete components:

  • monitoring of outbound communications,
  • employee monitoring.

Depending on the methods chosen for fulfilling these tasks, they can be handled by the company’s management team, the IT department, the internal security service or the HR department.

Monitoring of outbound communications

From the technical point of view, monitoring of corporate email accounts is the easiest method of providing information security. However, it’s also the easiest barrier to breach or trick. Therefore, a serious approach to enterprise-level information security implies comprehensive monitoring of all types of communications: email, IM logs and even employees’ activities in social networks, if they are allowed to use them.

All print jobs should also be taken into consideration, as well as CD/DVD burners and USB ports that should ideally be controlled or disabled by default.

This kind of protection can be organized with the help of specialized software or combined software/hardware DLP solutions.

You can purchase, deploy and configure such a solution on your own or contact a software integration company of your choice. Most likely, you will choose a solution offered by one of the leading companies: InfoWatch, Jet Infosystems, Trafica or Refog.

Working with employees

Provision of corporate information security is not limited to the integration of a DLP system. There are a number of issues and problems that should be addressed separately.

The data collected by a DLP system may be incomplete or may not be sufficient for proving the malicious intent of an employee or his/her responsibility for an information leak. To obtain further evidence, you can, for instance, impose stricter monitoring of employees’ activities and save complete keyboard logs and screenshots. Apparently, this should be done with the written consent of the employees being monitored.

Apart from this, finding an employee guilty of disclosing confidential information is not a sufficient legal premise for firing him/her. To do it legally, the employer must enforce a commercial confidentiality mode in advance and approve a list of documents and data not to be disclosed to third parties. These regulations must be presented to the company employees who must then sign the non-disclosure list. Confidential documents and media containing such documents must have a confidentiality stamp/mark on them.

Only in this case a breach of commercial confidentiality may result in an internal investigation possibly involving law enforcement authorities and legal charges against the suspect.


Tags: