Solved! Data theft protection

Dec 1, 2018
I am not sure if this is the best place for this question so my apologies.

I am trying to understand risks and options of data theft from my employees. I want to know whether I'm exposed to data theft.
Here is what I currently have as security to protect data:
1) VPN tunnel, but it can be disconnected
2) McAfee DLP Endpoint
3) BitLocker

My employees can use the following options. Can they be caught?
1) Uploading data to Google Drive (can DLP or anything else detect this?)
2) Cloning the hard disk
3) Unplugging the hard disk, using it as an external drive, copying the data and plugging it back in again

I want to understand what the risks associated with each option are, as my employees also work from home.

So if my employee unplugs the hard disk from the laptop, are there any methods my company can use that can detect that the hard disk was unplugged (in BIOS or otherwise)?

Is it also possible that once the hard disk was unplugged the system does not detect it, as a security measure or something in the BIOS?

Risks with cloning the hard disk: can DLP, BIOS or anything else detect this action?
 
kanewolf

Judicious
Moderator
Hard drive removal. Physical security seals. To remove a hard drive, screws have to be removed, panels removed, etc. Put physical tamper seals on those areas.

There is software that can prevent any USB storage device from being plugged in. That would generally prevent cloning. Don't give your employees admin privilege so they can't install software. That will help prevent cloning.

You probably also should investigate some kind of laptop tracking so that if a laptop is lost or stolen you may be able to locate and remotely wipe it.
 
Solution

devavictrix

Estimable
Nov 30, 2014
Windows Controlled Folder Access can limit which programs can access (obviously) and change a file/folder/drive. It would stop anything like cloning software or an internet browser accessing your files... at least from the current OS. It even blocks Microsoft's own software/programs built into Windows. If one were to boot into a LiveOS from a USB drive then they can access the files. Just make it so you can't boot from USB and lock the BIOS with a password. There is always the option to clear CMOS, though that would probably be obvious, albeit probably too late. Physical lock on the case would be required. My old server case has a very sturdy lug for that. CFA wouldn't do anything if the drive was removed but surely encryption would, especially if the key was on a TPM. They'd need to take the TPM or the motherboard too.

Downside to CFA is that Explorer can access the drive/folders so they could simply copy and paste the file to somewhere outside CFA's realm. Maybe Windows can stop files being moved from their original drive/folder? I've never had to consider fixing a file to a particular place... surely it's possible though.

Edit: Actually! Just been playing about with it and Controlled Folder Access is a bad name for it. It should be called Controlled Folder Modify!
I've just exported my bookmarks and put them in a "controlled" folder then imported them without any problems into another browser. A program can't modify the "controlled" folder though. Surely there's a way of whitelisting programs that can access a file/folder/drive!
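
An added example, not part of either post above: a PowerShell audit an administrator could run on one laptop to see which of the controls mentioned in this thread (BitLocker with a TPM-bound key, blocked USB storage, Controlled Folder Access, no local admin rights) are actually in place. It assumes an elevated Windows PowerShell session with the built-in BitLocker, Defender and LocalAccounts modules available; the function name `Get-DataTheftPosture` is made up for this example.

```powershell
# Added example. Reports the state of the controls discussed in the thread.
# Assumption: run elevated on the laptop being checked.
function Get-DataTheftPosture {
    $report = [ordered]@{}

    # BitLocker on the OS drive. A removed or cloned disk is only unreadable
    # elsewhere if protection is On and the key is not stored on the disk itself.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $report.BitLockerProtection = [string]$vol.ProtectionStatus
    $report.KeyProtectors = ($vol.KeyProtector |
        ForEach-Object { $_.KeyProtectorType }) -join ', '
    $report.KeyBoundToTpm = [bool]($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -like 'Tpm*' })

    # USB mass-storage driver. Start = 4 means the driver is disabled,
    # so a plugged-in USB drive will not mount.
    $usb = Get-ItemProperty -Name Start -ErrorAction SilentlyContinue `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $report.UsbStorageDisabled = ($null -ne $usb -and $usb.Start -eq 4)

    # Controlled Folder Access. It restricts which programs may modify
    # protected folders; it does not stop files being read or copied out.
    $cfa = (Get-MpPreference).EnableControlledFolderAccess
    $report.ControlledFolderAccess = switch ($cfa) {
        0 { 'Disabled' }
        1 { 'Enabled (block)' }
        2 { 'Audit only' }
        default { "Other mode ($cfa)" }
    }

    # Members of the local Administrators group (well-known SID S-1-5-32-544).
    # An employee account listed here can install cloning tools or undo the
    # settings above.
    $report.LocalAdministrators = (Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { $_.Name }) -join ', '

    [pscustomobject]$report
}

Get-DataTheftPosture | Format-List
```

BIOS passwords, USB boot order and tamper seals are not visible from inside Windows in a vendor-neutral way, so they still need a physical or vendor-tool check.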