It is a common practice among employees or contract personnel who are leaving the organization, to carry data from network resources and to their next job. The departing employee copies data without thinking that the action amounts to theft of company assets.Until the day the person is caught, as it happened with this lawyer in Vakola, Mumbai who copied about 4000 documents from the file server in the law-office where he was working, ostensibly to increase his knowledge by studying the same (read the media report on TOI). Of course no one will believe the excuse and the gentleman will face tough penalties under the IT Act. He was not authorised to access the server and neither did he ask for privileges to access / copy / view the file he purloined.
The employer firm would have had a second layer of defence if they had an Information Rights Management system installed. It would have helped protect each sensitive document allowing only authorized persons to be able to view or work on it.
The Seclore FileSecure solution provides total control on documents at rest or in communication / collaboration. The originator can enforce access rights and set controls for editing, copying, viewing etc.
The IRM solution will provide a highly effective control to safeguard documents in scenarios where large scale copying theft is carried out by a departing or an unauthorized employee. In the case of the departing employee, it is simply an action of removing his/her access credentials from the corporate directory that will disable access to all the documents that were protected in the organization. Of course the unauthorized employee will not be able to access the document(s) unless he / she know the passwords of all the employees who hold authorizations for the same.
In the case of the incident quoted above, while the employee had been able to compromise the password for the file server and copied the 4000 odd files, it would have not been possible for him to access these files without knowing the passwords of the other persons in the organization who were holding the authorization(s) for these documents.
Posts
2 comments:
Intresting. But this is a common practice and most emps do this, which includes senior employees. Also our Indian cyber laws are not so strong as our western counterparts. But I guess you have highlighted a very important aspect in the system.
Hi Vimal .. we agree and therefore prevention is the only cure for this ..
Post a Comment