Welcome to OUR GLOBAL IT COMMUNITY.

This forum gives great advice on how to prevent data leakage. It explains 5 steps that will protect one's data in motion much better.

http://links.maas360.com/dataLeakMonitoring

Of course the first step is assigning share level and file level permissions, but today's security goes way beyond that. When it comes to protecting sensitive data, the answer is encryption, encryption, encryption. There's a plethora of third party encryption solutions but you can get started in a cost effective manner by using the mechanisms included in Windows server and client operating systems. Encrypting File System (EFS) can be used to protect data stored on disk. BitLocker can be used to prevent unauthorized persons from booting into the OS on a laptop that's lost/stolen or a desktop or server to which the person has been able to gain physical access. IPsec can be used to encrypt data as it travels across the network and protect it if it's intercepted in transit.

No one solution, alone, is as good as a multi-layered defense plan. Controlling access to sensitive data involves authentication and authorization as well as encryption. And a comprehensive solution includes monitoring/auditing to ensure that your security methods are working. Auditing file access will keep you on top of who is accessing which files (and who may be trying to access them and failing). You can use the Windows built-in auditing feature or you might want to use a more robust third party product. For example, the NetWrix Change Reporter Suite includes auditing of file servers and sends you email reports if changes are made to permissions. I reviewed that product at http://www.windowsecurity.com/articles/Netwrix-Product-Review.html

Of course, good firewalls - at the edge and/or on the host - will prevent intruders from getting into the network or accessing the machine. And it goes without saying that all systems should be fully patched to protect against exploits that could result in exposure of data and anti-virus and anti-malware solutions should be deployed.

Whether it be leaving laptops in cabs, losing USB keys, storing private data in P2P shared folders, or just sending out private information via email,most data leakage occurs because people are acting in ways that are against policy or because they are careless. To fix these types of issues stricter policies need to be placed and all employeers must learn the policies and ramifications of breaking them. Unfortunately, there is no 100% solution to human error as no matter how many policies you have in place, someone will break them.

The second method is to use hardware and software barriers at each of the entrances/exits to the network. These tools should be used to block certain traffic such as unauthorized instant messages, P2P, or other services that are not absolutely necessary for the day to day operations. It is also important to use encryption for any device that may leave the office such as laptops, external hard drives, or USB keys. Using a strong encryption will make nearly it impossible for lost data to be accessed.

Last, but not least, having up-to-date anti-malware protection in place is a must. With malware commonly being installed from hacked legitimate sites and through vulnerabilities in common programs, if you do not have an anti-malware program with up-to-date definitions you are at risk to having backdoors, spyware, and keyloggers installed on your computers.