For example, our company is a joint venture with American enterprises. After six years of joint venture, American enterprises closed down, but our influence was not great. The company has been operating normally and has expanded several wholly-owned subsidiaries abroad, namely India, Russia and Argentina. Strong foreign sales team, British agents, American agents, etc. Annual sales growth, due to industry trends, high cost, and was later acquired by listed companies. I didn't do a good job of keeping information confidential, but it didn't affect me for so many years. It's nothing.
Before it was acquired by a listed company five years ago, there was no control over computer files, and all files and forms could be copied in and out, which was very random and efficient. There is also a great risk of leakage.
It is understood that the company's document management control system is generally divided into the following categories.
Secret: the basic qualification and product qualification of the company; Company personnel files, personnel contracts and agreements, and employees' salary income; All kinds of information that has not yet entered the market or been made public are secrets.
In the industry, there are rules and regulations on document management, which are divided into the following categories:
Confidentiality: the company's planning; Financial data and statistics; Minutes of important meetings; Contracts and agreements signed in the company's foreign exchanges; The operation of the company is confidential.
Top secret: important decision-making documents and materials (such as articles of association, resolutions of shareholders' meeting, resolutions of the board of directors, resolutions of the board of supervisors, etc.). ) directly affects the rights and interests of the company in the course of its business development; Customer information and supplier information; Technical data of all equipment; Graphic materials designed; Proprietary technology; Other important information that the company considers to be top secret.
Non-confidential matters: internal documents such as general decisions, resolutions, notices, circulars and administrative materials; Foreign documents are not confidential.
Content:
Classification, scope, classification and identification of confidential documents
Classification of confidential documents
According to the severity of possible damage to the company's rights and interests after the document is leaked, the confidentiality level of the document is divided into three levels:
A-top secret document: the most important document of the company, the disclosure of which will cause particularly serious damage to the company's rights and interests. B-confidential documents: important documents of the company, the disclosure of which will seriously damage the rights and interests of the company.
Class C-secret documents: general documents of the company, the disclosure of which will harm the rights and interests of the company.
Scope of confidential documents
Key design drawings: patent and original design drawings.
Technical data: unique technical transformation scheme, technical cooperation with foreign parties or technical guidance materials from foreign parties, product formula, product development, improvement or test materials, important asset management materials, etc.
At present, our company has basically installed and matched the information security architecture of the group, and has the authority. No encryption software is installed on this computer. Even if it can be copied, it's all garbled, not at all. When it comes to information security, you are not afraid of 10 thousand, just in case. Once discovered, it will cause heavy losses.
In the workplace! We should guard against people in advance.
There is an old saying: there is no windtight wall in the world.
The subject has clearly known that it is a leak within the enterprise, which can reflect many problems. First, the education of internal security and confidentiality awareness of enterprises is not in place; Second, the internal security measures of enterprises are not in place; Third, internal security rewards and punishments are not in place.
Whether it is a large enterprise or a small enterprise, it is very important to do publicity and education at ordinary times. As long as two or more people unify their goals and basic ideas, they will certainly do well. The more people who handle secrets, the greater the possibility of leaking secrets, especially some core secrets of enterprises, which are related to the survival of enterprises. What's more, competitive companies will try their best to obtain them so that everyone in the enterprise has a sense of confidentiality, which needs to start with the most basic safety education.
The second is to do a good job of confidentiality measures. This different enterprise and different secrets use different methods.
Third, the punishment for the leaker must be severe, and we should learn from the past, so that people who have the idea of leaking will be frightened at the thought of leaking, so as to put confidentiality first.
How to do a good job of secrecy can be studied in detail in the early days of the founding of the People's Republic of China, how the country secretly built two bombs and one satellite under the conditions of hardship and poverty, and the annual oil field was discovered.
Leaking inside the enterprise is because the protection level of company files is not enough. For people at all levels of the company, it is necessary to strictly control the access and outgoing authority of the company's documents to prevent the company's information from leaking.
The management and control of company files can be realized by iMonitor EAM software, which manages files at three levels:
1, USB device management: managers can directly disable USB storage devices or set USB devices as read-only to prevent files from being copied out of the company.
2. It is forbidden to send files out: the above is the protection of hardware, and employees will also send files out through QQ, WeChat and network disk. IMonitor EAM can set the file transfer prohibition, and customize the file type and file transfer mode for transfer. After the rules come into effect, files can only be delivered normally after approval.
3.iMonitor EAM file transparent encryption function.
Administrators can define their own file types that need to be encrypted. After the encryption rules come into effect, all files on the computer are encrypted, and the computer with the same client installed in this machine and the company can be opened and sent normally. If the file is decrypted without approval, the file is still encrypted, and it is garbled after being sent out, so it cannot be opened and used normally.
Whoever smashed the pot of the enterprise will smash its bowl!
If any fence is not laid properly, the virus will take this opportunity to create confusion and will naturally cause leakage. To prevent leaks, we can find out the reasons from the following three aspects, and then improve and strengthen them.
First, despise network security work.
Some people mistakenly think that the enterprise information they contact every day is very ordinary, and they don't encrypt it when sending emails. Once intercepted by people with ulterior motives, and then sold to the competitors of the enterprise, the loss will be incalculable.
Second, there is no physical isolation between internal and external network computers.
Large and medium-sized enterprises generally use intranet (also called local area network) and extranet. The intranet here is the network, webpage or website that employees of the enterprise contact with each other, and the extranet is the Internet. If these two networks are mixed together, there will be no computer in the world today that they can't hack into by hacking.
The correct way is not to enjoy the printer to prevent internal secrets from leaking through the printer port. If an employee has two computers, he should use both internal and external networks. It is forbidden to connect the monitor with a switch, but the monitor should be connected to the host, so that the internal and external networks can be completely isolated. Of course, if it is stricter, it is that external computers must not store sensitive information of enterprises.
Third, employees' sense of confidentiality has not kept up.
Training and education failed to keep up with the progress of enterprises, neglected the management of network security, and the system was not perfect. Employees' USB flash drives are randomly mixed in internal and external computers, so it's strange that they don't leak.
The correct way is to strengthen the education of employees' confidentiality awareness and sign confidentiality agreements. Whoever breaks the pot of the enterprise will break its bowl!
In the internal leakage events of enterprises, the main ways of leakage are computer peripheral media and network channels. Peripheral media mainly include storage media (mobile hard disk, USB flash drive, flash card, etc.). ) and transmission media (fax, printing, CD-ROM drive, etc. ). The network channels mainly include QQ, WeChat and other chat software transmission, as well as email delivery and online uploading. In fact, the prevention of leakage should be solved from the source, not blocking all leakage channels. Because of the leak route in 1000, you blocked 999 kinds. As long as there is one leak, it will fall short. You can try the encryption software that many enterprises are using now. Encrypt the file itself, don't worry about how the file is leaked, because others can't open the encrypted file. There are many encryption software on the market now, such as the red line anti-leakage system, which is a relatively simple, safe and reliable encryption software.
Enterprises have no awareness of safety protection, and employees can sign different confidentiality agreements in different positions when they join the company.
There is also that employees have no sense of belonging to the company and no company as their home. It is very important to make employees feel a sense of belonging.
Internal leaks in units are mainly divided into man-made leaks and non-man-made leaks, because safety management is not in place.
Let's start with man-made leaks. Man-made leaks are the biggest hidden danger of the unit, because you can't guarantee that every employee is loyal to the unit, and you can't always monitor employees. Employees often take the initiative to collect leaked information through their own resources, some for certain benefits, and some for collection and storage.
On the other hand, it is not man-made leakage. This kind of leak can be solved by technical means, such as mixing internal and external networks, using USB flash drives alternately, and transmitting files by personal mailbox. Compared with the first kind of people, this kind of leakage is not bad, and it is easy to prevent and control. Risks can be avoided by separating the internal and external networks, restricting the USB flash drive, unifying the data transmission mode, and encrypting computers and important files.
In a word, no matter what kind of leaks, as long as we strengthen the confidentiality management and make up the loopholes in the system in time, we can well guard against risks. For personnel in key confidential positions, daily investigation should be increased to find bad signs in time and prevent problems before they happen.
If there are any deficiencies, please add them in time.
1. According to the severity of the leaked contents, slight internal handling of the company will be punished, and serious cases need to be sent to legal organs for loss assessment and compensation.
2. Confidentiality measures should be taken within the company, and every employee needs to sign a confidentiality agreement before entering the company; Confidential documents are classified into different levels. At the same time, people in different locations are exposed to different materials, depending on the location.