Prevent data leakages in your company with new security policy

Locating sensitive files is one of the most important tasks of computer security audit and forensic data recovery. Security experts need to make sure that sensitive files are not available for third-parties and are kept in a secure way. Computer forensics specialists need to find these files for research purposes. Another problem is possible security leakages that security expert should prevent.

What is the best way to securely manage files. The most important aspect is clear understanding of tasks that your company face. First, it's necessary to elaborate a security policy.

Security policy is a set of documents that employees of your company can follow to achieve company security-related goals. This document must describe in what secure way can information be kept and exchanged. How strong should be passwords, what encryption should be applied to email exchange, who have an access to a certain data.

Security policy should be supported with certain security software, that allows to manage information in a secure way. First, you need to have a secure data storage. It must provide a secure environment for keeping files as well as necessary backup capabilities. If you are running a small business company, then it would be enough an encrypted partition on your hard disk. Large organization prefer to establish a access level control with necessary rights to access and modify information.

If you have a good security policy then the next step is to ensure that your employees follow requirements of security policy. For instance, one of the most important requirements is using strong passwords, that must be changed often. Use password audit software to ensure users don't use too simple passwords, which are easily recoverable using dictionary based attack. Do a password security audit for specific files, for users system and network accounts.

If files are managed securely enough? Track all possible ways how user can access, modify and get a copy of file. It can be sent by email, it can be copied to flash device or it can be simply access by unauthorized person. Consider using software that logs file operations and represent easy-readable report. This is a one of the measure that allows to find and prevent possible data leakages.

You as a business manage might also wish to track emails and web-sites that your employees read and access. Some business really require this, but make sure it's allowed by your privacy statement, that you and your employees know about.

One the most challenging issues is using a portable devices with large capacity, such as flash and sd cards. It's possible to regulate access to computer using these devices with third-party software too.

The trust is that it's not really possible to protect yourself from all kind of attacks, so consider hiring a security auditor who will regularly check your company for possible security problems. And it's a good idea to provide this specialist with company security policy and records that might be analyzed to find possible data leakages.