Eliminate the unknown. Discover and manage a wide variety of threats
PRESET INFORMATION SECURITY POLICIES
Most active IM users
Nowadays communication via instant messengers is one of the most popular ways to keep in touch, therefore it’s not surprising that Skype, Lync, Viber, and social networks are used for work purposes. But even though messengers can be used for work related communication, it is vital to watch how much communication is really going on. If someone sends too many messages throughout the day, the person may be spending too much work time chatting about personal issues or sharing a lot of information with outsiders. The policy Most active IM users is based on a statistical query that is already created for you. The only thing to be specified is what we are going to count as suspicious activity (e.g. a user is sending more than 100 messages per day). Later all those messages can be analyzed in detail.
Negative comments about top managers
It is essential to control opinion about top management, as no one would want employees to write negative comments on work related forums or to take revenge in some way when dissatisfied with decisions made by a boss. The Negative comments about top managers policy is a great opportunity to watch what employees think about events and changes in the company. It is created as a complex query where we combine 2 different kinds of text search: the first one includes names, titles and nicknames of the top managers; the second one is a dictionary that includes words expressing dissatisfaction or anger, for example, offensive language and swear words.
When an employee starts searching for a new job and does it secretly it may lead to the situation where the employer loses an important and professional worker. Such unexpected situations usually cause a lot of problems, especially if a well-qualified specialist decides to quit. Such situations can be monitored with the help of the following policies:
• CV Search. With the help of similar content search and using list of phrases that are always mentioned in a CV, we can detect if there are any users sending CVs via mail, messengers or http as well as cases where they simply create, print or copy one to external devices
• Visits to job search web sites. Having interception from program controller we can easily analyze with the help of search by attributes who is visiting job search sites and how much time is spent on each of them. Further analysis will show as well what web pages were visited and what positions employee is interested in
• Discussion of job change. People don’t always send their CVs or spend time on job search web sites right from the work computer but it is very likely that if person decided to change the job he or she will discuss that in informal way via messengers or social media. So using search with a dictionary we can find out if such discussions take place and reveal intentions of changing place of work
Every employer expects their employees to stay concentrated on their work duties all the time they are paid for. However, it might happen that some people would want to earn more money freelancing and not fulfilling their main duties, so along with monitoring the people who are about to change the job, it’s necessary to check whether some people work for another company or even a competitor while at work. Freelance policy helps to find out if such workers are in the company by checking discussions with the help of text search and websites with the help of search by attributes on the topic, and so helps to save the company’s money.
Sometimes a company can have employees who want to get extra profit by using fraud schemes that divert money from the company, such as creating shell companies. There are many different ways to implement this scheme but for us the most important thing is to discover the existence of such companies. Third-party companies policy helps to detect if workers own such companies and steal money: it uses similar content search to find documents such as articles of association being mentioned.
According to the latest laws and regulations, such as GDPR in the EU, personal data of individuals should be protected by any organization at its best. Such data includes a lot of information and there are individual policies that work on basis of regular expressions search (together with detection of information patterns) and can immediately alert a security officer if there’s a threat to disclosure of personal data. These policies are the following:
• Passport number. It can be very suspicious if someone shares passport information during work time for some reason as sending passport numbers is not secure in general, and if it is someone else’s passport in particular. Special regular expression can detect mentioning of passports in any document or message.
• List of clients. Essential task for every company is to keep all information about their clients in a strict secret not to allow someone else to use their personal data as well as not to allow company’s employee to steal this data for usage in another company. Special regular expression can detect mentioning of names, surnames and other information about clients in any document or message.
• List of employees. Any company is responsible for keeping information about their employees safe. If some data will become available to a third party, then the company may face substantial financial and reputational damage. Special regular expressions can detect mentioning of names, surnames and other information about employees in any document or message.
• Credit/debit cards. Passing numbers of credit or debit cards is absolutely prohibited in case we speak about banking organizations, where it is the same as sending personal data of clients. But in general it is also very important to monitor sending of such information as another question will be why and where a person holding a certain position is going to transfer money. Special regular expression can detect mentioning of bank cards in any document or message.
• Nationality. In the modern world most companies start to be multinational so it is very important to prevent any kind of negative discussions on the topic of nationality. Special policy based on search with a dictionary can detect mentioning of nationalities and negative comments on this topic in any document or message.
• Medical records. If a company works in the field of healthcare the medical records of their clients should be watched very attentively. Special policy with the help of regular expressions and text search can detect mentioning of medical records being sent in any document or message.
Usually it is very complicated to find out if someone starts selling or passing confidential information at some point, therefore, it is essential to monitor the amounts of outgoing information. With the help of our special search type called statistical queries we allow to detect abnormal amount of information sent from each user (e.g. more than 20 emails sent per day, more than 10 documents printed, more than 50 files copied to USB etc.) and prevent damage caused by data leak.
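A statistical query of this kind reduces to counting events per user, per day and per channel, then comparing each count with a limit. The sketch below is an added example, not the product's own query engine; the event tuple layout, the channel names and the sample events are assumptions, while the limits are the ones quoted on this page (100 messages, 20 emails, 10 printed documents, 50 files copied to USB).

```python
from collections import Counter
from datetime import datetime

# Daily limits quoted on the page; an alert fires only when a count is strictly greater.
DAILY_LIMITS = {"im": 100, "email": 20, "print": 10, "usb_copy": 50}


def daily_threshold_alerts(events, limits=DAILY_LIMITS):
    """events: iterable of (iso_timestamp, user, channel) tuples (assumed layout).

    Returns a sorted list of (day, user, channel, count) for every user whose
    count on one calendar day exceeds the limit for that channel.
    """
    counts = Counter()
    for timestamp, user, channel in events:
        if channel not in limits:
            continue  # channel has no statistical policy attached
        day = datetime.fromisoformat(timestamp).date().isoformat()
        counts[(day, user.lower(), channel)] += 1
    return sorted(
        (day, user, channel, n)
        for (day, user, channel), n in counts.items()
        if n > limits[channel]
    )


def constructed_events():
    """Constructed sample data covering the boundary cases."""
    events = []
    # alice: 21 emails in one day -> over the limit of 20
    events += [(f"2024-03-04T09:{i:02d}:00", "alice", "email") for i in range(21)]
    # bob: exactly 20 emails -> at the limit, no alert
    events += [(f"2024-03-04T10:{i:02d}:00", "bob", "email") for i in range(20)]
    # carol: 60 USB copies split across midnight -> 30 per day, no alert
    events += [(f"2024-03-04T23:{i:02d}:00", "carol", "usb_copy") for i in range(30)]
    events += [(f"2024-03-05T00:{i:02d}:00", "carol", "usb_copy") for i in range(30)]
    # dave: 11 print jobs -> over the limit of 10
    events += [(f"2024-03-04T14:{i:02d}:00", "Dave", "print") for i in range(11)]
    return events


if __name__ == "__main__":
    for alert in daily_threshold_alerts(constructed_events()):
        print(alert)
```

The carol case shows the blind spot of a fixed calendar-day bucket: activity split across midnight stays under the limit, which a rolling 24-hour window would catch.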
Nowadays it is vital to take into consideration security on the global level, therefore it is important to check whether employees are interested in certain topics that might cause damage to the company. Extremism policy will determine if workers are involved in terroristic organizations, connected with ISIS or take part in other destructive movements, this way company will save its reputation and status. We are going to detect such people with the help of different dictionaries we provide our clients with, including separate dictionaries for ISIS, terrorism and even virus outbreaks.
It might not be evident but it is extremely important to monitor which documents get attached to all outgoing mails and messages, and whether information is posted only on allowed sources on the internet. Leaving this information unchecked may lead to missing a big data leak. Attached files policy automatically analyzes outgoing data and checks what kind of documents are attached to emails, and on which web sites certain information is posted. This is implemented as a complex query that combines different types of search by attributes, which makes it possible to specify exactly which attachments, posted or sent where, we want to see.
IT data control
For each enterprise it is paramount to keep safe the information on how exactly it operates, for instance IT information such as network architecture, as rivals and/or other intruders may take advantage of it and hurt the company. IT data control policy reveals if the company’s employees discuss or send such secret information to someone outside the company. This is done by using various kinds of search: we use words and phrases search to find any mention of something that composes the network architecture, as well as regular expressions search to find data such as IP addresses mentioned in the intercepted data.
Copy to USB
One of the most popular ways to steal confidential information is to simply copy it to external devices such as USB sticks. Copy to USB policy constantly checks if certain types of documents or archives were copied and allows further analysis of whether it was data loss or not. Using attributive search, we can detect if, for instance, the following types of documents were copied somewhere:
• Archive files
• MS Office documents
• Any exception from the standard list of documents
Some employees for the purpose of hiding some actions can use anonymizer websites to visit prohibited sources. Of course, it is absolutely necessary to find such activity as usually it leads to lots of work time wasted on personal issues or even worse violations. To find out if workers want to disguise something anonymizers policy works with two main criteria:
• Attributive search with ProgramController allows to see when a user opens special website and how much time is spent there.
• Words and phrases search allows to monitor who did search on the internet for words such as anonymizer, anonymous, web-proxy, etc., as to detect those who were trying to find and visit anonymizers.
For those companies that work with tenders it is necessary to watch if their workers discuss this topic as some insiders in procurement may be interested in kickbacks. Tender subject policy searches for such discussions in interception modules with the help of search with a dictionary and allows to prevent such illegal actions. And of course it is also possible to specify only those who work with tenders or who we suspect in something by adding search by attributes.
Communication with competitors
Once an employer hires an employee he expects this employee to be productive, initiative and loyal. Disloyal employees can cause damage to a company, giving sensitive data to rivals or having an idea of changing the job. Communication with competitors policy allows to find out if such workers appear in the company by tracking communication with representatives of other companies in the field of activity. This way it’s possible to prevent data leaks and make valuable employees stay in the company. Such communication can be revealed in various ways, we can find communication with the address of competitor’s mail server using attributive search and simply use words and phrases search to find if someone is mentioning names of such companies in discussions.
Discussion of salaries
When someone is not satisfied with the salary it is better if it’s announced right away and not hidden. But sometimes what happens is an employee prefers to secretly discuss salary and money topic with people around, trying to find out what is the salary of the others and this way increase the tension in the team or even decide to quit the job not letting anyone know about it. Not to let this happen we suggest to monitor such discussions using words and phrases search that will allow to receive alerts once there’s someone just starting to comment on this topic.
Irrational use of time and resources
It is vital for every company to operate effectively and gain profit, therefore the most important resource for achieving a good result is a hardworking and productive worker. Irrational use of time can include various things; this is what we suggest to pay attention to:
• Dating web sites. When someone starts spending a lot of time on such web sites it for sure will have an influence on worker’s productivity as it’s the least connected with work topic. And if employee is concentrated on personal topics too much there will be no time for work. With attributive search and list of dating web sites our clients are provided with, we can have a full image of how much time is spent on every site.
• Online movies, online games and online stores. Some employees prefer to spend time at work entertaining themselves instead of actually working, and the most popular ways to do that are to watch movies and videos online, shop, or play online games; that way people can spend hours and hours doing nothing useful. With our special policy created as a complex query with the help of attributive search, we can detect any presence on such web sites that exceeds a certain amount of time during the day allowed for relaxation and personal issues.
• Large purchase. It is a good idea to have an eye on what employees are searching for on the internet as sometimes the fact that they are involved in taking part of company’s money can be found through detecting attempts to purchase expensive things such as houses, cars, etc. If a person who is searching for such information is holding a position of junior specialist for example, then there’s a need to have a closer look at what this employee is doing at work. Our policy created with the help of search with a dictionary will alert on suspicious search or discussion.
• Irrational printer usage. There are many cases when people think that any of company’s resources can be spent for their own purpose just because they spend most of the day at work. One of such cases is when people start printing different materials for their own use at work, like multipage books and manuals. This can be done with the help of statistical queries where allowed number of pages to be printed each day can be specified, if the number of printed pages exceeds this value, security officer will be alerted.
There’s a group of people who usually don’t directly steal information or cause harm to the company intentionally but whose hobbies and habits might lead to some troubles for the employer as well. These people are risk group for the company and include:
• Alcohol abuse & drug use and distribution. Those people who are alcohol or drug addicts are usually not reliable ones. Finding such people is quite an easy task with the help of search with a dictionary, where we can even specify how many words out of the dictionary should be found to exclude false alerts and find only real discussions that will show real addictions. Therefore, it becomes possible to effectively control top managers and people with high access rights.
• Communications with journalists. Sometimes it’s not needed to steal information by copying it to cause harm to a company, sometimes it’s enough just to pass some negative comments to media and it’ll lead to irreparable consequences for company’s reputation. This is why it is so important to watch if an offended employee for example, especially if this employee holds the leading position, decides to pass some facts about company’s performance to journalists. The policy is built based on search with a dictionary, which allows to find mentioning of any media related words in conversations, and search with attributes, which allows to discover communications with journalists via mail.
• Extreme sports. If you want performance of the company to be stable it is important to be aware of what hobbies top managers have. Sometimes these hobbies can be dangerous and include extreme sports such as rock-climbing, cliff jumping, dirt jumping, etc. If right before signing an important contract you see that one of the managers is planning a dangerous adventure, you can ask this manager to postpone such plans or otherwise make sure everything will stay on the right track. The policy is created with the help of search with a dictionary, therefore we can detect any mention of dangerous sports.
• Gambling. Sometimes employees of the company can have hobbies such as playing card games or relaxing in casinos from time to time. As a result, it can end up with employees getting bogged down in debts or in their addiction more and more. Usually it leads to such people being in search of money and sometimes in despair they can try to find this money in an unfair way, for example, steal from their own company or pass secret information while being blackmailed. Obviously, no one would want their accountant or financial director to be addicted to gambling. With the help of a special policy, we can detect if any user is involved in playing poker online or if this user is visiting casinos. The policy is built on a combination of 2 search criteria, one of which is search with attributes (activity on casino web sites is intercepted); the other one is search with a dictionary that will alert in case someone is discussing or mentioning poker sites, casinos and gambling in general in messengers, social networks or email correspondence.
• Debts and loans. It might be a problem for a company if an employee is in a lot of debt, and if this person is not able to pay everything on time. Because probably the first option this person is going to choose to help the situation would be to find money within the company, more often than not in a legal way. So the security officers should be always very attentive to actions and conversations of this person. Debts and loans policy is built with the help of various dictionaries combined into a complex query which helps to immediately detect people discussing and mentioning debt topics.
In general, sending attachments is just a part of everyday working process but if not paying attention to them, it’s very easy to miss secret documents sent even unintentionally, not speaking about sensitive documentation sent outside the company on purpose. For that reason, we suggest using separate policy that will inform about every email with a document attached, thus security officers can react on time in case there’re some violations. The policy is built on the basis of numerous mail attributes we have, that will help to detect only important mail attachments.
Usage of personal email can be a serious violation of the company’s security rules, as correspondence about business affairs is not completely transparent this way. Also, some people can decide to send sensitive information to a personal email address, after which it is impossible to control further movement of such documents. With the help of our special policy, a security officer has a chance to examine every email that was sent to or received from any email domain except for the corporate one, including separate monitoring of attachments. This is possible as we have all the attributes needed to monitor such email values as “From”, “To” and even “CC”; all of these are combined in a complex query.
MSDS (Material safety data sheet)
If an enterprise is involved in production, it’s necessary to watch the quality of the products released. Using a special policy, a security officer can be alerted on any MSDS for any specific product, to analyze if someone changed information and if the released product corresponds to all requirements. This is done with the help of words and phrases search along with similar content search.
Most people are afraid to admit that they made a mistake but sometimes it leads to bigger problems as hidden malfunctions can cause loss of a client as well as huge reputational damage. Therefore, we suggest detecting any conversation via different channels of communication that include discussion of violations, mistakes, failures, defects, etc. This is done with the help of words and phrases search that is applied to all correspondence.
Every time production is stopped for some reason it is big loss of money for a company so once it happens any manager should be informed about time and reason for downtime. Since workers often try to disguise the fact that something breaks as the result of their fault, it makes a lot of sense to use our policy for finding such facts on time and have a chance to take measures. The policy is created on the basis of text search.
Discussion of rewards
It is very important to watch when employees are discussing any topic connected with money, especially when it is discussion of rewards or bonuses as some people can spread gossips, misunderstand news. It often ends up with dissatisfaction and disappointment, and in turn leads to possible theft of money or information. To prevent this our policy created on the basis of search with a dictionary can be used, as it’ll give alerts when some of the employees only start to discuss such topic.
Documents with tags
In every company there is a list of sensitive documents that should be used only by limited number of people, so it is absolutely needed to have a chance to see every action that is made with such documents. If documents from this list have tags such as “secret”, “trade secret”, “confidential” and so on, we can use our special policy that is created with the help of phrase search to collect information about every action with such a document.
Password protected documents
If someone decided to send archive or any other document that is password protected, then the document is either secret or this user has something to hide. Our policy is created with the help of special kind of search “Unrecognized documents” that alerts a security officer when there’s such a document sent by any channel. Thus, it is very easy to analyze who sent such document and for what reason.
Discussion of terms of delivery
When there’s a deal connected with delivery of some goods or services it is important to watch manager who is responsible for the deal to act accordingly. If manager is trying to discuss discounts or different terms with the counterparty thus having intention to gain more profit, this should be found at the very beginning of such discussions. Special query with search with a dictionary combined with attributive search where we can specify managers involved in the deal will allow to see incidents when someone is having such discussion.
It is vital to constantly check that the documents that describe financial state of the company stay within the company and not transmitted to third parties as it might cause financial and reputational damage. Financial data policy checks all data intercepted to find out if documents that contain information about profit and loss, cash flow, etc. were sent to people without access to that information. The policy is created with the help of similar content search that allows to find documents that are always written in the same way anywhere in the interception.
It is important to control each of the money transfers that takes place in the company. Both small transactions that are not connected with company’s activity and big transfers should be controlled as these are the most direct ways of how money can be stolen. The policy Money transfers helps to collect all information about every transfer in one place to have possibility for quick analysis. The policy is created on the basis of text search together with additional attributes.
We can offer our clients specialized policies for protecting particular bank documents such as financial reports, market research and financial plans of the company. When analyzing this data it is vital to take into account the list of people who work with such information, create risk groups and analyze the content route of the documents. All of this makes any operation with critical bank documents visible and transparent and can be easily done with the help of SearchInform tools. The policy is created with the usage of text search, thus each of the bank documents can be detected separately.