Controlling Unreliable Employees and Preventing Information Leaks

It is not rare that employees use a company's Internet connection for their own purposes, such as searching for new jobs, sending CVs, spam, and other unauthorized action. These actions result in a loss of productivity, a useless waste of time, increase the cost of the Internet, etc. Statistical data shows that about 80% of users send private messages using their business workstations. Consequently, companies lose hundreds of thousands of dollars per year as a result of inefficient Internet usage.

It is not superfluous to remind you once more about the possible danger of the leakage of confidential information via the corporate mailing system. During the last year, about 90% of organizations with Internet access have experienced leaks of confidential information, including source codes of software, texts of contracts or financial documents, client information, etc. An information leak can happen not only via e-mail, but also when accessing external web servers.

In order to prevent such activities and to detect unreliable employees, one can use various content-control tools, for example, those of the MIMEsweeper or SurfControl product families. However, if the company can not afford such tools, it is possible to use specially configured network-level intrusion detection systems. The mechanisms of such systems allow the administrator to control network traffic using a set of predefined keywords and key phrases (for example, "company-confidential," "CV," "Jobs," and so on), detect transmission of files with specific names (for example, salary.xls) or filename extensions, and identify requests to specific servers (for example, http://www.playboy.com).