Re: ReadyNAS RN528 stop staff from potentially stealing files
Normally you manage access by
creating NAS user accounts and groups for the staff to use
turning anonymous access off for all shares
Selectively allow specific groups or specific users access to each share.
Doing this correctly does require some analysis of the work flow, and identifying who needs access to what files. That is, you'd want to consolidate all the files that the sales folks need to access into its own share, and similarly with the other groups.
If some data is particularly sensitive, then you can use veracrypt or other tools to encrypt it. However, if a staff member needs access to a file to do their job, then they will be able to steal it - not much you can do about that.
creating NAS user accounts and groups for the staff to use
turning anonymous access off for all shares
Selectively allow specific groups or specific users access to each share.
Doing this correctly does require some analysis of the work flow, and identifying who needs access to what files. That is, you'd want to consolidate all the files that the sales folks need to access into its own share, and similarly with the other groups.
If some data is particularly sensitive, then you can use veracrypt or other tools to encrypt it. However, if a staff member needs access to a file to do their job, then they will be able to steal it - not much you can do about that.
Many thanks for the reply.
Sorry forgot to add now thinking about it, there are two shares, one is for management, one is for staff. The staff one is a free for all. There are two groups. Management and staff.
It's a really simple setup, and I have told them, they could pretty much just copy and paste whatever they wanted to over the network to a pen drive or their own dropbox etc, it might be quite difficult to stop.
Encrypting and decrypting a file to work on it would be too time consuming I reckon.
Model: RN428|ReadyNAS 428 – High-performance Business Data Storage - 8-Bays
Sorry forgot to add now thinking about it, there are two shares, one is for management, one is for staff. The staff one is a free for all. There are two groups. Management and staff.
It's a really simple setup, and I have told them, they could pretty much just copy and paste whatever they wanted to over the network to a pen drive or their own dropbox etc, it might be quite difficult to stop.
The management share could be locked down so only management accounts can access it. Restructuring the staff share into multiple shares with more restricted access (reducing the exposure from at least some staff) might be possible, but would require some analysis on their part.
But I agree it would be quite difficult to prevent theft of files by staff who need access to them.
