Locking down laptops / PC's
Discussion
I think you'd do better with encryption. Even if they burned a file to disk, they just have an unreadable file.
Apple OSX has this facility working on the fly. I assume there is a similar (if at a cost) option on Windows.
I also believe the password options in Word and Excel are pretty tough to break.
As an extra level, consider also a "Hidden Folder" app. Makes the folder containing sensitive files invisible (certainly to Windows Explorer, and to most applications). Open the programme, type in a password, and hey-presto, they're visible again. The FBI would find it in minutes, but your dodgy secretary would never spot it. You might browse for freeware or shareware at VersionTracker.com
Apple OSX has this facility working on the fly. I assume there is a similar (if at a cost) option on Windows.
I also believe the password options in Word and Excel are pretty tough to break.
As an extra level, consider also a "Hidden Folder" app. Makes the folder containing sensitive files invisible (certainly to Windows Explorer, and to most applications). Open the programme, type in a password, and hey-presto, they're visible again. The FBI would find it in minutes, but your dodgy secretary would never spot it. You might browse for freeware or shareware at VersionTracker.com
Group policies will go some way to prevent what you are talking about. However someone who is IT savvy could circumvent them. I certainly know a few ways around group policies. If you want be totally secure you are best off disabling USB, CD etc in the BIOS and pasword protecting the BIOS and even this can be circumvented. You also need to watch out for people printing data to file and emailing it out. It is not impossible to prevent data theft but it is very difficult and can be costly.
Don't give people you don't trust access to those files full stop, at the end of the day they could just take a photo of the screen if they were desperate, stick a printout in their bag, whatever. With the proliferation of camera phones, usk keys & small wireless stuff you could just be p*ssing in the wind trying to stop it.
IMO Maybe the thing to do it get lawyered up and get people who have to see it to sign something that ensures that the data cant be used commercially, or that you will be otherwise adequatley compensated if it goes walkies.
IMO Maybe the thing to do it get lawyered up and get people who have to see it to sign something that ensures that the data cant be used commercially, or that you will be otherwise adequatley compensated if it goes walkies.
I have various clauses in their contracts that prevents the use of this data, however proving it is something completely different.
As you say, they can print off information (although the database limits them to 10 print outs a day) however what I'm concerned with is mass down loading of data onto a portable media format.
As you say, they can print off information (although the database limits them to 10 print outs a day) however what I'm concerned with is mass down loading of data onto a portable media format.
Best thing then as mentioned might be to take the floppy & CD drives out, and disable/break the USB ports. Physical locks on the cases and limited/no internet & email. Double check the access rights to the network server that contains the data so that someone can't just plug their own laptop into your network. Also keep backup tapes secure... I'm sure theres more but thats all I can think of now 
There are two options we use. The first is to use software liek sactuary device control from securewave to lock down the use of usb and cd-rw etc www.securewave.com/sanctuary_DC.jsp and the second we use is to encrypt the hard disk (safeboo) because if anyone gets clever and tries to clone the machine or steal it its held safely in the machine.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff