Audit & Accounting Firm
- Securing sensitive corporate information
- Monitoring of social media and online chats
- Preventing unproductive usage of the Internet and the desktop machines
- Preventing use of company machines for storing personal images and videos
As an audit and accounting firm, they are responsible for maintaining huge amounts of customer data. Furthermore, their main IP lies in the various audit templates and documents which are produced when an audit is done. As such, the security of data is crucial for their business. In addition, most of their staff are highly paid individuals, and as a firm whose revenue is based on chargeable man-days, it is important for them to know if any staff are being under-utilised or are simply wasting time. As an audit firm, the company has strict policies on misuse of company resources and, in order to ensure compliance, deployed Sophos at the endpoint. They also configured Windows AD to block various types of chat applications and to block people from installing any software on their machines. However, their test showed that Sophos was not up to the task.
The Solution: e-Safe Compliance
During the initial rollout, e-Safe Compliance was installed in silent mode to evaluate the level of the problem. The following is a summary of the findings:
- They detected that two staff members who had resigned had copied large amounts of the company’s data to their thumb drives on their last day in the office. This was a clear breach of their contracts.
- Using e-Safe Compliance, they detected their staff members openly discussing their projects with outsiders over Facebook and online chats such as Skype and Gtalk. This was a clear breach of the company’s NDA with their customers. Although their IT department had blocked known Skype ports, they found Skype to be very resilient to any blocking.
- e-Safe Compliance detected some unauthorised people accessing sensitive information such as client lists.
- Nearly 75% of Internet time was related to time spent on unproductive websites. As most people had laptops, this analysis was limited to working time.
- There was evidence of a few people accessing pornographic images, videos and websites. Although most of these sites should have been blocked, Sophos, as a URL list-based system, was unable to block the many URL permutations of porn sites. Furthermore, Sophos had no answer to the problem of detecting offline porn material.
- Nearly 10% of working time was detected as unproductive time spent on playing games and watching movies. As the installation of games was blocked, people resorted to playing simple, Macromedia Flash-based games, which do not require admin rights.
- e-Safe Compliance’s Drive Audit detected a huge number of personal videos and images being stored on company machines, with the top violator having nearly 800GB of video files on his 1TB hard drive.
- e-Safe Compliance also helped them to identify machines which had been left on and idle. This results in wastage of electricity and is a breach of the company’s IT policy.
After analysing the findings, the company announced to their staff that their machines would be monitored and that they should refrain from non-company-related activities on company machines during working hours, as specified in their contracts and IT policy. This resulted in the following benefits:
- Legal notices to delete the copied files were sent to the two ex-staff. This event was made public within the company, which resulted in the elimination of unauthorised access of information within the company.
- The threat of staff discussing client information over social media, chat applications, etc. was minimised. As the staff know they will be tracked, these discussions have become professional in nature and these media are only used when absolutely necessary.
- By announcing to the users that they would be monitored and that the managers of the top violators would be alerted, there was a 50% reduction in the amount of time spent on unproductive Internet surfing.
- Staff stopped wasting time through watching movies and playing games. By using e-Safe Compliance, they could now block these games from running on the machines.
- The issue of pornography was completely solved. As people know they could get caught while accessing pornographic material, whether from online or offline sources, they stopped doing it.
- Using e-Safe Compliance, the company implemented a policy of limiting the storage size of personal files per machine. Furthermore, they asked their staff to sign an indemnity agreement stating that the staff will take full responsibility for the legality of the video and audio content stored on their machines, hence protecting the company.
- Using e-Safe Compliance, the company implemented shutdown or hibernation settings on PCs, hence helping to save electricity.