Information protection from stealing by employees

According to the statistics data 80% of the information security threat of a company comes from its own staff. The employees work with the documents having commercial secret so they have the opportunity to do considerable harm to the company by giving out confidential information to their competitors, public access or any other interested party. There may be quite a number of reasons - a conflict with the employer, an outer threat, blackmail, an intention to make money, etc. There are also a lot of possibilities to do it - you can copy the documents to a USB-device or a diskette, send via email or simply publish on the Internet.
It's impossible to forbid the access to the documents containing commercial secret for all the employees as there must be someone to create and process such documents. But it is absolutely necessary to keep control over the employees who have access to the secret information.
The Information Protection Systems based on firewalls and antivirus software aren't able to protect the company from stealing information by the employees who have free access to some secret data due to their job responsibilities. Such systems don't fit such tasks.

At present there are the following ways to protect your confidential information from being stolen by your employees:

1. You could disable the floppy disk and CD/DVD drives, USB ports, network connection, it would be of maximum efficiency at minimum expenses but actually it is practically impossible to do so. You know that the mouse and the keyboard is connected through USB ports, the IT infrastructure of the company is based on the network, and the Internet access is often necessary for work. It is often the case that an employee has to work with a large amount of information (actually, not all the information you have to work with is secret) so it is desirable to leave the opportunity to connect removable USB drives or to write information on a CD/DVD.

2. You could filter the information transferred to the network using traffic analyzers and thus block the secret information. Unfortunately these ways fit only to filter the incoming information, i.e. to block viruses and entertainment content. The maximum effect you can reach here is to protect the important information from unintentional actions of the employees leading to accidental leakage of secret information. Such means can't save you from intentional stealing of confidential data as the protection can be cheated with the help of scrambling. Besides, in this case removable media (mainly USB drives and diskettes as work places are seldom equipped with optical drives) are left uncontrolled.

3. You could separate access rights to input/output ports. Most of such software are in fact a graphic interface for using standard protection engines of the Windows operating system, and which allows you to set access rights to different ports (e.g., a USB port) for any user. This solution has some drawbacks:

• first, you can't control the information transmitted on the network;
• second, the rights are not flexible, i.e. you can't allow the user to copy non-secret information to a USB drive and forbid to copy the secret one.

4. The developers of the SecretsSaver Corporate Information Protection System took into consideration the drawbacks of the above-mentioned means. The main purpose of the SecretsSaver Corporate Information Protection System is to prevent the unauthorized distribution (stealing and leakage) of confidential information.

SecretsSaver Corporate gives the following opportunities to the company's security service:

• it limits the access of IT departments employees to confidential information;
• it divides the information stored both on the employees' workstations and on the servers according to the security level;
• it gives each employee a personal security access level to confidential information;
• it limits the unauthorized distribution of confidential information based on the data security level and the access level of the employees;
• it enables you to dynamically control the access rights of the employees to the information transfer devices and means (diskettes, USB drives, Internet, etc.) according to the access level of the employee and the security level of the documents in work;
• it provides you the full history log concerning the operations with confidential information.

In fact, SecretsSaver Corporate extends the standard security system of the Windows operation system and provides some additional features:

1. you can mark the information as confidential - stamp (public, office, secret);
2. you can stamp the information located on the remote computer, for example, databases, Web-portals, etc.;
3. there are the following access levels for employees (the level can be public, office and secret):
• information access level - defines the maximum stamp level of the information for the employee to get access to;
• network access level - defines the maximum stamp level of the information for the employee to transfer over the network;
• access level to removable media - defines the maximum stamp level of the information for the employee to copy to removable media.

Here is an example illustrating the way how the Information Protection System SecretsSaver Corporate can be used. Suppose you are an employee having the following access levels:

• information access level - secret;
• network access level - public;
• removable media access level - office.

While you work with the public information the Information Protection System is passive. You can work with the network, diskettes and USB drives without any restrictions. During your work you may need to open the SecretDocument.doc file stamped as secret. SecretsSaver Corporate catches the attempt to open this file and opens the dialog box informing you that MS Word is trying to get access to secret information. In case you really needed to open this file you must confirm it to the Protection System, but in case you didn't try to access this file it might happen that a spy program trying to steal the secret information had penetrated into your computer. You must inform the IT department or the Information Security Department about this fact.

After you open SecretDocument.doc the access to the network and to writing to any removable media (diskettes, USB drives, etc.) becomes blocked according to your access levels for the remaining session time. Any document saved or created after this moment gets the secret stamp (otherwise it would be possible to copy the contents of the secret file to a newly created one and the secret information may get the public stamp after restarting the PC).

If you opened OfficeDocument.doc stamped as office instead of opening SecretDocument.doc stamped as secret, the access to the network would be blocked but the access to writing to removable media would remain permitted.

Thus the SecretsSaver Corporate Information Protection System allows you to dynamically change the access rights of an employee to information transfer devices and means depending to the information security level you work with.

We hope that if you introduce the SecretsSaver Corporate Information Protection System in your work at your company it will help prevent not only accidental information leakage but intentional stealing of your company's confidential information.

SecretsSaver Corporate has a laconic and strict control interface based on habitual and clear terms for business users.