Web Hosting Talk

View Full Version: How do you prevent your staff from stealing your company's data?


joelin
11-08-2008, 01:56 AM
Hi,
With the hosting service, all the data are saved on servers and PCs,
including customers' data and the company's other data.
Those may include the billing or system management, etc.
How do you make them safe?
And how do you check if anyone tries to bring them out?
Thanks

SupportRep911
11-08-2008, 02:28 AM
You could always write up a contract and have your staff sign it that states they will not release any of the private information etc etc. but I'd recommend getting a lawyer for all that.

DNGeeks
11-08-2008, 04:24 AM
Lots of backups, that staff do not have access to.
Make sure you have a lawyer draft a document in regards to using, sharing, divulging, downloading, damaging etc company data.
And the final answer is, you can't really prevent it. If a staff member wants to take out whatever they have access to, then they probably will succeed.
The backup and the legal document mean that you can recover quickly and press charges/sue.

InfiniteTech
11-08-2008, 04:53 AM
Lots of backups, that staff do not have access to.
Make sure you have a lawyer draft a document in regards to using, sharing, divulging, downloading, damaging etc company data.
And the final answer is, you can't really prevent it. If a staff member wants to take out whatever they have access to, then they probably will succeed.
The backup and the legal document mean that you can recover quickly and press charges/sue.
+ Include an extra line every time you pray :P

mrzippy
11-08-2008, 06:53 AM
The short answer is that if you do not trust your staff, then you should:
- fire them.
- hire staff you trust.
:)
The long answer is that you can ultimately trust nobody except yourself. However, your life will be very difficult if you try to do the job of 15 people yourself, and your spouse will not like it.
So... the "solution" is to hire the most qualified people you can find, which includes checking references and seeing if they are trustworthy.
Also, have a good contract that is written by a qualified lawyer, and make sure it's valid for whatever country you live in. This might mean you can't hire overseas, if you're in the US, since the contract is basically unenforceable unless you have an international lawyer and a truck full of money.
Change passwords often, and perform regular server audits to see who has access, etc...
In the end, there is very little you can do to protect yourself from someone who has all your server passwords, billing system passwords, etc. This is a risk you take when operating a business that is 100% virtual.
Hope that helps!

blessen
11-08-2008, 10:42 AM
Hi,
With the hosting service, all the data are saved on servers and PCs,
including customers' data and the company's other data.
Those may include the billing or system management, etc.
How do you make them safe?
And how do you check if anyone tries to bring them out?
Thanks
In short, ISMS and strong contracts will be the perfect solution.
In detail...
Implement ISMS (ISO 27001). The certification demands the setup of a whole lot of systems and procedures to handle the security aspect of critical assets. With regular audits you can be sure that all your assets are in safe hands.
Secondly, have a strong employee contract which states the "Dos and Don'ts".
Third, educate the employees about the legal hassles that they can get into when they are caught and how it can impact their life.
Fourth, have all the activity that happens in your company captured and stored on a daily basis (logs of chat/email/sites accessed etc. should be monitored).

joelin
11-08-2008, 11:48 AM
Hi,
Thanks for all the suggestions and experience.
I agree with your sharing; I posted the thread with my reason.
Of course, I know I need to trust others,
or I will have no time for myself and my business will not grow at all.
I know I need a lawyer to build a stable contract for my staff,
but I hope I can build a process or a checkpoint to check or detect if the company's info is brought out.
I know ISO 27001 may reach my goal,
haha, but it is really a big project.
thanks

barry[CoffeeSprout]
11-08-2008, 09:35 PM
Lots of backups, that staff do not have access to.
Make sure you have a lawyer draft a document in regards to using, sharing, divulging, downloading, damaging etc company data.
And the final answer is, you can't really prevent it. If a staff member wants to take out whatever they have access to, then they probably will succeed.
The backup and the legal document mean that you can recover quickly and press charges/sue.
Exactly.
Also be sure to run at least a minimal background check on them before hiring.

pclover
11-10-2008, 04:37 AM
I say pay them a good amount and hire people you trust.

Sngo
11-26-2008, 03:54 PM
I say pay them a good amount and hire people you trust.
That's the way to go, it's hard to find people to trust nowadays. Just make sure the people handling your database are the people you're always in contact with. Your database is something you should be worried about.

JohnJ
11-26-2008, 03:57 PM
Have your staff sign an NDA and have them provide scanned identification (such as a driver's license). :)

dreamcodedesign
11-26-2008, 05:49 PM
We've got some monitoring software on our computers and all employees are friends and people I've known for years.
All the best,

joelin
11-26-2008, 10:52 PM
We've got some monitoring software on our computers and all employees are friends and people I've known for years.
All the best,
Hi,
Can I ask what monitoring software can do this?
If it is not convenient for you to post here,
is it possible to PM me?
thanks

tuppaware
11-26-2008, 11:26 PM
We've got some monitoring software on our computers and all employees are friends and people I've known for years.
All the best,
Monitoring software is a little harsh. I thought a simple clause in an employee contract would be enough. Although I have worked in a university IT setting, all the computers are monitored for types of applications and mp3 files.

generic007
11-27-2008, 12:03 AM
With the hosting service, all the data are saved on servers and PCs,
How do you make them safe?
And how do you check if anyone tries to bring them out?
1. Respect your employees, they'll show the respect back.
2. Pay them well.
3. Make sure you have a competent attorney within arm's reach if doodoo hits the fan, though it likely never will if you follow 1 and 2.

Scott.Mc
11-27-2008, 06:12 AM
I always thought it was easier just to hire people that are smaller than you and then threaten with physical violence.
[/end joke]
You pretty much have it summarized in this thread, hire people that you feel you can trust, have good policies and procedures in place to assist in preventing this and most important - ensure you have a good attorney.

gineey
11-27-2008, 07:04 AM
You pretty much have it summarized in this thread, hire people that you feel you can trust, have good policies and procedures in place to assist in preventing this and most important - ensure you have a good attorney.
When you are working with human minds, you can't actually rely on policies/procedures; till then the same are not being conveyed in the right manner.
Still there is a chance one tries to act a bit smarter to play with the company laws; so, there must be a provision of hard punishment, in case one doesn't comply with the rules.
That actually helps management to develop a negative motivation in employees against misusing the company's secret information.
The other point I want to add is: the company should put all the employee data on a single server, where logs can easily be monitored, like who is accessing what.
Limited access to data for each staff member also helps prevent misuse of data.

dreamcodedesign
11-27-2008, 01:03 PM
Monitoring software is a little harsh. I thought a simple clause in an employee contract would be enough. Although I have worked in a university IT setting, all the computers are monitored for types of applications and mp3 files.
We've got monitoring software on the computers for a last line of defense really. Just lets us see what they are up to during the day. Are they working or just surfing the net? :) Then it lets us know if they've saved any info to a removable disk or whatever.
All the best,

dreamcodedesign
11-27-2008, 01:05 PM
Hi,
Can I ask what monitoring software can do this?
If it is not convenient for you to post here,
is it possible to PM me?
Thanks
The software we use to monitor our employees is called Spector 360 (http://www.spector360.com/). It's real nice, lets us see what they're up to.
All the best,

bdnero
11-27-2008, 03:57 PM
The software we use to monitor our employees is called Spector 360 (http://www.spector360.com/). It's real nice, lets us see what they're up to.
All the best,
Nice to know. Thank you for sharing.

mvardany
11-28-2008, 10:11 AM
It is almost impossible to do that, because you can't control everybody, so what you can do is just respect your employees.

tuppaware
11-28-2008, 10:37 PM
Even the best humans are corruptible! The greatest person on earth still might steal from you. But having an open level of communication with staff reduces this.