1. I have to say that some employees can't resist the temptation of sugar-coated shells and take confidential information inside the unit privately in exchange for illegal benefits. This situation is also very common. Generally speaking, it is inevitable that employees will take away some information of the original unit when they change jobs. However, enterprises should avoid some malicious job-hopping, such as premeditated buying by competitors. Job-hopping itself is stealing information.
2, management negligence Due to inertia, it is difficult for enterprises to find internal security management loopholes, which are easily exploited by foreign competitors, such as the imperfect enterprise security information management system.
3. Vulnerabilities in computer usage management system and computer network-related vulnerabilities can easily lead to network hackers. They may use social engineering means, use false identities, phishing emails and clone websites to defraud internal employees of the company to provide confidential information, or steal the identity of internal employees, lurking and stealing secrets for a long time. To prevent competitors from purchasing or stealing secrets through management negligence, and to prevent employees from "starting a new business" or "starting their own businesses" after leaving their jobs, we should pay attention to strictly controlling employees' access, and the disclosure of secrets must be signed; Education and training are often "done", and interviews are required before leaving the job. Specifically, there are the following measures.
First, strictly close the entrance. For those who have mastered key technologies and secrets, they should start with on-the-job inspection, assessment and strict examination, and choose reliable, loyal, responsible and enterprising employees.
Second, sign a confidentiality agreement. Both new and old employees need to sign a confidentiality agreement. Clearly define the specific content, specific responsibilities, confidentiality period, legal investigation of leaks, etc.
Third, business secret education Many people will not take it seriously when signing. Employees intentionally or unintentionally surf the internet and miss phishing websites, which leads to network worms and even network paralysis in the local area network, causing serious losses to the company. Therefore, it is very necessary to carry out confidential publicity, education and training. Take a combination of centralized education or individual interview education to make the confidential education and training of employees regular and institutionalized. It is necessary to focus on the education of confidentiality laws and regulations, cases of disclosure, the scope of trade secrets and the knowledge of protecting trade secrets, so that employees can understand their confidentiality responsibilities and the consequences of disclosure, recognize the forms of confidentiality, make customers feel lucky, and keep the alarm bell ringing. Iv. The content of the exit interview for resigned employees is mainly to review the provisions of laws and regulations on confidentiality agreements, and resort to the law to recover or reduce losses. For invasive stealing secrets, we should strengthen the repair of security management loopholes, for example, using domain shields. The security threat of the leakage route comes from man-made leakage within the organization, and the remaining 15% is Trojan horse invasion, network and notebook hard disk loss and communication port leakage. Therefore, preventing insiders from leaking secrets is the key. Domain shield is used to protect the internal documents of the enterprise from being leaked, and at the same time regulate the computer operation behavior of employees.
The main functions of domain shield include: forced automatic encryption, content protection, transparent use, leakage control, approval management, offline document management, outgoing document management, email keyword screening, WeChat qq outgoing document audit, file access management, event tracking, document security management, behavior audit, intranet desktop management, network security management, print audit, and U disk management. The software consists of three parts: server, client and management. No duty, low management cost. The server is installed on the server computer that is turned on for a long time, the console program is installed on the computer used by the administrator, and the terminal program is installed on every employee computer that needs document protection or needs to read encrypted documents.
1. official website obtains the domain shield installation package, as shown below?
2. Unzip the installation package to the current folder. The following figure shows the Domain Shield installation package being extracted. ?
3. After extracting the software, double-click the software installation shown below, as shown below.
4. After installing the software, install the console. ?
5. The server and the control are installed on the same computer?
6. Select the installation path?
7. Click Install. The picture below shows the software being installed?
8. Click Finish and the software will be installed. ?
9、? Enter the "Domain Shield" homepage, and all the functions will be clear at a glance.
Please click to enter the picture description? Encryption function (1) Transparent encryption and encryption process is completed automatically, which does not affect users' usage habits. Transparent encryption: automatic forced encryption during file creation or editing. Habit has no effect, and you don't need to enter the password manually. When the file passed abnormally? The passage flows to the outside, and when it is opened, it is garbled or can't be opened, and it has been inside? Encryption status. The encryption process is completed in the kernel of the operating system, which ensures the high efficiency of encryption? Make love. Translucent encryption: users can open encrypted files, and new files are not encrypted.
(2) decryption approval decryption extroversion: when communicating with the outside world, the documents need to be decrypted, and employees can pass the application? Decrypt the file. The administrator receives the application information and decrypts the file according to the received application. Decide whether to pass the examination and approval. You can set up processes such as multi-person approval and hierarchical approval. Leak-proof delivery: when delivering important documents, employees can apply to the administrator for delivery? At the same time, you can set the number and time of opening outgoing files, right? Can print, screen capture and other operations. You can set up processes such as multi-person approval and hierarchical approval.
(3) Authority management establishes a security mechanism by dividing security areas, setting document security levels. File security level management: the concept of "security level" was first introduced into the domain shield encryption system. According to the security system and strategy, it is divided into six levels: public, ordinary, private, confidential, confidential and top secret through the association of departments, security levels and document types. ? Each department has a separate authority, and different departments cannot access each other by default. You can make some necessary settings and authorizations as needed.
(4) Client management clipboard control: files protected by automatic encryption have the function and control of clipboard protection. For example, WORD is a protected file, so you can't copy the contents of WORD files into chat dialogs and other editing tools, but you can copy the contents of other types of files into WORD documents. Automatic encryption and decryption: Automatically encrypt and decrypt files according to transparent encryption and decryption policies. For encrypted files, it is impossible to copy, paste and drag them out of the enterprise by using untrustworthy execution programs such as mail and instant messaging tools. No screen capture: No screen capture (including system screen capture, QQ screen capture, sogou screen capture and other third-party screen capture software).
(5) Offline management ensures the security of encrypted documents for business travelers. Offline user management (long-term): If employees can't connect with the servers in the intranet, they can use a stand-alone client. Offline user management (short-term): If employees travel temporarily, they can be managed through offline strategy. Set the time when employees are offline, such as 72 hours. When the computer is offline for more than 72 hours, all encrypted files will not be opened.
(6) The email white list user sends the email address in your white list, and the file is automatically decrypted. Sender white list: the administrator can set the sender white list, and the attachments in the messages sent by the senders in the white list will be automatically decrypted. White list of recipients: Administrators can set a white list of recipients, and the attachments in the messages received by the recipients in the white list will be automatically decrypted. Please click to enter a picture description.