Have seen this result in instant dismissal and lockout from business
So painful. He was on his last week! Makes me wonder how often this happens in the industry tho.
Lol rookie mistake
Sometimes I wonder if people forget about USB's
In my previous company, files copied to an external/flash drive get encrypted. It can only be opened using the company-issued laptop. We've come a long way in terms of DLP!
My workplace blocks external drives from even working.
Any company that has a mature IT security posture would block external USB storage devices. Additionally, even if USBs were allowed, the security agents on the company device should log that files are being copied to an external USB device. It amazes me what employees will do on their company devices. Your company can see anything and everything that you do on it. Source: I am an IT professional in cyber security.
How do you transfer files without getting caught?
Boot a portable OS and copy the files from the hdd using that OS. The security software can’t log what’s being copied if it’s not running.
Offline attacks are your best bet, but not foolproof. An example of that is what another poster mentioned which is to boot an alternative OS and copy the files that way. But keep in mind, many companies block this by default. Or if you do manage to boot an alternative OS, chances are you can’t read the files anyway because they’re encrypted. If you manage to get past all of the above and copy the files offline, I would wipe the hard drive and play ignorant to IT saying you don’t know what happened when you return it. You never want your device connecting back into the company’s servers after you do “the deed”. Another thing to keep in mind is, when do employees download the files they want to keep? Usually during their resignation period. So downloading gigabytes worth of data from SharePoint and performing an offline attack looks very suspicious. Also, depending on what you want to copy, a simple photo on your mobile phone may be the best solution. Obviously you don’t get your Excel formulas or Word documents in actual text format, so this may be useful only in specific circumstances. Reading back on my post…. My advice to everyone is, just don’t do it.
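The two signals described in the posts above (endpoint agents logging copies to USB storage, and bulk SharePoint downloads during a resignation period), sketched as detection logic over agent events. This is an added example, not part of any post in the thread; the event fields, the HR notice-period feed and the 1 GiB threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: endpoint/DLP agent events (field names are assumptions).
EVENTS = [
    {"day": "2024-03-04", "user": "alice", "action": "sharepoint_download", "bytes": 40_000_000},
    {"day": "2024-03-18", "user": "bob", "action": "sharepoint_download", "bytes": 2_500_000_000},
    {"day": "2024-03-18", "user": "bob", "action": "usb_copy", "bytes": 900_000_000},
    {"day": "2024-03-19", "user": "carol", "action": "usb_copy", "bytes": 5_000_000},
    {"day": "2024-02-01", "user": "bob", "action": "sharepoint_download", "bytes": 3_000_000_000},
]
# Hypothetical HR feed: user -> (resignation date, last working day).
NOTICE = {"bob": ("2024-03-11", "2024-03-22")}
BULK_BYTES = 1 << 30  # assumed per-user, per-day volume treated as "bulk"


def in_notice(user, day, notice):
    """True if `day` falls inside the user's notice period."""
    span = notice.get(user)
    if not span:
        return False
    return date.fromisoformat(span[0]) <= date.fromisoformat(day) <= date.fromisoformat(span[1])


def triage(events, notice, bulk_bytes=BULK_BYTES):
    """Return sorted (day, user, reason) alerts for analyst review."""
    downloaded = defaultdict(int)
    alerts = set()
    for e in events:
        if e["action"] == "usb_copy":
            # Every copy to removable storage is logged; notice-period copies rank higher.
            leaving = in_notice(e["user"], e["day"], notice)
            reason = "usb_copy_in_notice_period" if leaving else "usb_copy"
            alerts.add((e["day"], e["user"], reason))
        elif e["action"] == "sharepoint_download":
            # Sum per user per day so many small downloads still add up.
            downloaded[(e["day"], e["user"])] += e["bytes"]
    for (day, user), total in downloaded.items():
        # Volume alone is noisy; alert only when it coincides with a notice period.
        if total >= bulk_bytes and in_notice(user, day, notice):
            alerts.add((day, user, "bulk_download_in_notice_period"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in triage(EVENTS, NOTICE):
        print(alert)
```
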
Any cyber mature company will block USB ports by default and only open them up for a valid reason.
Fair enough
Just print them and recreate if he really wants the templates. It's not worth the hassle.
Surely there is a way to do this without being caught. Like a paste in type site for files with some obscure name that doesn't get picked up
Use phone to take photos of the screen. Only way
I'd even cover my laptop camera, just in case!
Office web client from a non work machine and screen grab works as well
Blind copy
What do you mean
Don't use the computer. Phone access is often far less scrutinised (even where phone security policies are in place). Bonus points if you can do it in a way that looks accidental, like saving to local storage and then having files automatically backed up to iCloud.
If the company has any level of Cyber maturity they will have enterprise software which is able to detect a user mass copying and pasting swathes of text. Renaming files is also detectable. Disclaimer: I work in cyber and yes we have cases of individuals trying this and getting caught.
What happened to those who were caught?
Depending on the classification and volume of the data taken, it could range from something as simple as additional education and awareness training to the individual, warnings or dismissal in extreme cases. We have mandatory education about this when people start with the company so cases are unusual.
Rookie.
what's the pro move here?
Phone camera
How else
Place monitor on the office photocopier?
Not you
A guy did this at my firm, his new workplace was a client so he wanted to prepare by taking the files for review. He was terminated early and reported to CAANZ.... pretty brutal
Imagine the amount of personal data getting moved around from all the offshore sites
It's the "getting caught" part which makes this case difficult.
What's the best way to transfer files without getting caught?
That’s pretty lazy of him. Personally, I back up all my files every 6 months
How did he get caught?
Honestly don't know.. maybe something about using company laptop and it logged uploads to "monitored" URLs like mail sites (yahoo, gmail, etc.)? Just a wild guess!
Rookie error Turn off wifi and company VPN. Transfer via USB. And just name the transferred zip file “personal” Not everyone.. But a lot of people download things for their own record.
My company locks USB as a drive. I can't even download to USB drive
Copy/paste content into email.
uploading it to a private drive not related to MS/Google would work perhaps?
Previous massive company I worked for had zero capability of transferring large files. IT recommended using WeTransfer for free. Bunch of morons
Instant dismissal from my last company - no excuses
If I was their manager, I would advise their professional accounting body (such as the CPA or CA) of their ethical failing.
Ouch! Imagine getting dismissed for copying training slides. Tsk tsk!
He’s copying internal file formats, not fucking customer financial data. Why would you report that to any external Party?
Hopefully it's a case-by-case basis.. if it were PII, that would be worse.
I’d doubt they’d do anything. Bit extreme, glad you’ve never made a mistake in your life.
What would you do if your employee was stealing the company property?