How does this actually work? Does Windows keep a log of files accessed or copied? Or does the company install additional security software that audits this?
Windows has some of this. But if you want crazy levels of granularity there are plenty of software vendors to choose from.
My company knows every file every person accesses, where it came from, and where it went. They lock down computers down to the individual USB port. If you put a thumb drive in the wrong port Windows machine, a guy from IT Security shows up within 30 minutes.
That was the day I found out that if I try to charge my hotspot at work, it shows up as a USB drive.
> 15. Later that day, on 12/12/2018 at approximately 4:00 p.m., Tan sent the following text message to his supervisor:
... [Another Company A supervisor] was asking if there is anything I have with me associated with company IP. I have a memory disk that contains lab data that I plan to write report on, and papers/reports I plan to read at home. Now that I have been exited from (COMP ANY A), can you check what is the best way of handling the information and how sensitive they are? Can I still read the papers/reports from the memory disk?
> 16. After receiving the above text from Tan, Tan's supervisor asked him to return the flash drive (which Tan's text message referred to as a "memory disk") to Company A.
> 17. At approximately 5:15 pm on 12/12/18, Tan returned to the Research Technology Center at Company A where he provided a USB flash drive to his supervisor. The USB flash drive was Tan's personal property, which he was not authorized to utilize within Company A's space. There is no record of Company A having issued a USB flash drive to Tan.
You just turn on auditing features in Windows on your file servers. There are many third party tools that can help you sift through and retain logs, but the basics can all be done with vanilla windows os.
- Sharepoint access logs (the server side)
- Corp IT has access to your machine, and can activate keyloggers to see what you are doing with the downloaded files. (the client side)
My company knows every file every person accesses, where it came from, and where it went. They lock down computers down to the individual USB port. If you put a thumb drive in the wrong port Windows machine, a guy from IT Security shows up within 30 minutes.
That was the day I found out that if I try to charge my hotspot at work, it shows up as a USB drive.