Wednesday, March 11, 2009

Insider threat

How do you stop employees taking confidential information with them when you terminate their employment, without annoying them so much that they do something stupid? My thoughts follow.

Classify information and label it. Store the classified data (e.g. a customer list) in a system such as a document management system or a database, and restrict export functions. When terminating an employee, remove access to these systems first. This may not be possible organisation-wide (or you may be behind on this), so restricting USB devices via Microsoft Group Policy, removing DVD/CD burners and restricting web-based email may be necessary in some cases.

DLP is only going to be useful for blocking if you know beforehand what data is confidential. However, DLP could play the role of a black box flight recorder, helping you determine what has walked out the door and helping you as an infosec pro quantify the extent of the problem. DLP has most benefit in stopping accidental leakage events or stupid attempts. The smart and determined will just print out the data or take a photo of it on the screen. But hey, maybe the smart, determined ones will still have a job?
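The "flight recorder" use of DLP described above, as an added example that is not part of the original post: it totals what left by each channel in the window before a departing user's access was removed, separating labelled data from the unlabelled data that blocking rules could never have matched. The record layout, user names and sizes are constructed assumptions, not any DLP product's format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (assumed layout, not a real product's log format):
# (timestamp, user, channel, classification label or None, bytes, action)
EVENTS = [
    ("2009-03-02T09:14", "asmith", "usb",     "CONFIDENTIAL", 4_200_000, "blocked"),
    ("2009-03-03T17:40", "asmith", "webmail", None,           9_800_000, "allowed"),
    ("2009-03-04T08:05", "asmith", "print",   "CONFIDENTIAL",   310_000, "allowed"),
    ("2009-03-04T11:30", "bjones", "webmail", None,             120_000, "allowed"),
    ("2009-02-01T10:00", "asmith", "usb",     None,           1_000_000, "allowed"),
    ("2009-03-05T16:55", "asmith", "usb",     None,          22_000_000, "allowed"),
]


def departure_report(events, user, access_removed, lookback_days=14):
    """Per-channel byte totals for `user` in the window before access removal."""
    end = datetime.fromisoformat(access_removed)
    start = end - timedelta(days=lookback_days)
    report = defaultdict(
        lambda: {"blocked": 0, "left_labelled": 0, "left_unlabelled": 0}
    )
    for ts, who, channel, label, size, action in events:
        when = datetime.fromisoformat(ts)
        if who != user or not (start <= when <= end):
            continue  # other users, or activity outside the review window
        if action == "blocked":
            report[channel]["blocked"] += size          # DLP stopped it
        elif label is not None:
            report[channel]["left_labelled"] += size    # known-confidential, not stopped
        else:
            report[channel]["left_unlabelled"] += size  # recorded only; never classified
    return dict(report)


def unlabelled_total(report):
    """Bytes that left without a label: the part blocking could not have caught."""
    return sum(ch["left_unlabelled"] for ch in report.values())


if __name__ == "__main__":
    rep = departure_report(EVENTS, "asmith", "2009-03-06T09:00")
    for channel, totals in sorted(rep.items()):
        print(channel, totals)
    print("unlabelled bytes out:", unlabelled_total(rep))
```
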
