What to do if a resigned employee leaks secrets? How to prevent employees from leaking secrets?

There are many ways for resigned personnel to leak secrets and how to prevent them. As far as business secrets or work secrets are concerned, there are three main ways for resigned personnel to leak secrets:

1. No bribery. Not to mention that some employees cannot resist the temptation of sugar-coated bullets and privately use the company's internal confidential information in exchange for illegal benefits. This situation is also very common. Generally speaking, when employees change jobs, they will more or less take away some information from their original units, which is inevitable. However, companies should avoid some malicious job-hopping, such as those caused by premeditated acquisitions by competitors. Job-hopping itself is theft of information.

2. Management negligence Due to inertia, it is difficult for enterprises to discover loopholes in internal confidentiality management, which can easily be maliciously exploited by external competitors. For example, the enterprise's security information management system is imperfect.

3. Computer usage management system vulnerabilities. Vulnerabilities related to computer networks can easily attract cyber hackers. They may use social engineering methods, false identities, phishing emails and cloned websites to defraud internal employees of the company into providing information. Confidential information, or stealing the identity of insiders, lurking and stealing secrets for a long time. Prevent competitors from buying or stealing secrets due to management negligence, and prevent employees from stealing information by "starting a new business" or "setting up their own business" after leaving the company. We must pay attention to strict employee entry procedures, and must sign for confidentiality disclosures; education and training must be "engaged" frequently, and interviews must be conducted before resigning and changing jobs. Specifically, there are the following measures.

1. Strictly control the onboarding process. For those who have mastered key technologies and secrets, we must start from the onboarding inspection and assessment, strictly review and assess, and select employees who are reliable, loyal, professional, responsible and enterprising. .

2. Sign a confidentiality agreement. New and old employees are required to sign a confidentiality agreement. Clearly stipulate the specific content of employee confidentiality, specific responsibilities, confidentiality period, legal prosecution for leakage, etc.

3. Trade secret education Many people will not take it seriously even if they sign. Employees intentionally or unintentionally surf the Internet and mistakenly click on phishing websites, causing the local area network to incur network worms and even network paralysis, causing serious losses to the company. Therefore, confidentiality education and training are very necessary. Adopt a combination of centralized education or individual interview education to make employee confidentiality education and training regular and institutionalized. It is necessary to focus on education on confidentiality laws and regulations, education on leakage cases, education on the scope of corporate trade secrets and knowledge on protecting trade secrets, etc., so that employees can clearly understand their confidentiality responsibilities, the consequences of leakage, recognize the form of confidentiality, and customers' fluke mentality, so as to be a wake-up call. Long cry. 4. Resignation interview of resigned employees The content of the interview is mainly to review the laws and regulations of the confidentiality agreement, resort to law, and recover or reduce losses. For intrusive secret theft, it is necessary to strengthen the repair of vulnerabilities in confidentiality management, for example, use Domain Shield. Security threats in the way of leaks come from human leaks within the organization. The remaining 15% are Trojan horse intrusions, loss of network and laptop hard drives, leaks of communication ports, etc. Therefore, preventing leaks by insiders is key. Domain Shield is used to protect internal corporate documents from leaks and regulate employees' computer operations.

The main functions of Domain Shield include: forced automatic encryption, content protection, transparent use, leakage control, approval management, offline document management, outgoing document management, email keyword filtering, auditing WeChat QQ outgoing files , file access management, event tracking, document security management, behavior audit, intranet desktop management, network security management, print audit, U disk management, etc. The software consists of three parts: server side, client side and management side. No on-duty required and low management cost. The server is installed on the server computer that is always on, the console program is installed on the computer used by the administrator, and the terminal program is installed on each employee's computer that needs document protection or needs to read encrypted documents.

1. Obtain the "Domain Shield" installation package from the official website, as shown in the figure below?

2. Unzip the installation package to the current folder. The following figure shows the "Domain Shield" installation The package is being decompressed. ?

3. Obtain the software after decompression, double-click the software below and install it, as shown in the picture below?

4. After installing the software, install the console. ?

5. Are the server and control terminals installed on the same computer?

6. Select the installation path?

7. Click Install. The picture below is Software being installed?

8. Click "Finish" and the software will be installed. ?

9. Enter the "Domain Shield" homepage to see all functions at a glance.

Please click to enter the picture description. Encryption function (1) Transparent encryption The encryption process is completed automatically and does not affect the user's usage habits. Transparent encryption: Automatically forces encryption during the file creation or editing process, which affects the user's usage habits. There is no impact and no need to manually enter the password. When files flow to the outside through abnormal channels, they will appear garbled or cannot be opened when opened, and they will always be in an encrypted state. The encryption process is completed in the operating system kernel, ensuring efficient encryption. Translucent encryption: Users can open encrypted files, and newly created files are not encrypted.

(2) Decryption approval and decryption outgoing: When communicating with the outside world and needing to decrypt files, employees can apply to decrypt the files. Managers receive the application information and decide whether to pass the decrypted files based on the application received. Approval. You can set up multi-person approval, hierarchical approval and other processes. Anti-leakage and outsourcing: When employees send out important files, they can apply to the administrator for outgoing files. At the same time, they can set the number of times the outgoing files are opened, the opening time, and whether they can be printed, screenshots, and other operations. You can set up multi-person approval, hierarchical approval and other processes.

(3) Permission management establishes confidentiality mechanisms for departments and levels by dividing security areas and setting document confidentiality levels. File confidentiality level management: Domain Shield encryption system is the first to introduce the concept of "confidentiality level". According to the confidentiality system And policies, through the association of departments, confidentiality levels, and document types, it is refined to the different file types encrypted by each department, divided into "public", "ordinary", "private", "confidential", "confidential" and "top secret" Six levels. ?Each department has separate permissions, and different departments cannot access each other by default. Some necessary settings and authorizations can be made according to needs.

(4) Client management clipboard control: Files protected by automatic encryption have the function and control of clipboard protection. For example, WORD is a protected file, and the contents of a WORD file cannot be copied into chat dialog boxes and other editing tools, but the contents of other types of files can be copied into a WORD document. Automatic encryption and decryption: Automatically encrypt and decrypt files according to the transparent encryption and decryption strategy. Encrypted files cannot be taken out of the enterprise by copying, pasting, dragging, or using untrusted execution programs such as email or instant messaging tools. Disable screenshots: Prevent screenshots (including system screenshots, QQ screenshots, Sogou screenshots and other third-party screenshot software).

(5) Offline management ensures the security of encrypted documents for business travelers. Offline user management (long-term): If employees cannot connect to the server in the corporate intranet, they can use a stand-alone client. Offline user management (short-term): If employees are temporarily away on business, they can be managed through offline policies. Set the time for employees to be offline, such as 72 hours. When the computer is offline for more than 72 hours, all encrypted files will not be able to be opened.

(6) If an email whitelist user sends an email address in your home whitelist, the file will be automatically decrypted. Sender whitelist: The administrator can set a sender whitelist. The senders in the whitelist Attachments in outgoing emails are automatically decrypted. Recipient whitelist: Administrators can set a recipient whitelist, and attachments in emails received by recipients in the whitelist will be automatically decrypted. Please click to enter the image description