At present, almost everyone in the company has a mobile phone, and now the storage space of the mobile phone is larger and larger, and the reading and writing speed is faster and faster. A large number of files can be quickly copied from the computer, stored in the mobile phone, and taken as their own or carried out privately, which makes the enterprise’s business machine secret and file security management face new challenges, It is also an important aspect of enterprise LAN file security management.
So, how can enterprise LAN prohibit computers from transferring files to mobile phones and prohibit computers from transferring files wirelessly to mobile phones? The author thinks that the following two measures can be adopted to prohibit the mobile phone from copying computer files and prevent the behavior of wireless transmission of computer files.
Method 1: forbid employees to carry mobile phones at work and access to USB interface of computer without permission by management means.
At present, many units have restricted the employees’ behavior of carrying and playing mobile phones during working hours. The common practice is that employees store their mobile phones in a certain place of the company before entering the office. It is forbidden to bring the mobile phones into the office and work places, thus completely preventing employees from copying computer files through mobile phones. At the same time, it also avoids employees’ behaviors of wasting working time and reducing work efficiency by playing with mobile phones during working hours. In addition, some units will prevent employees from connecting mobile phones and computers through data cables and copying computer files to mobile phones through BIOS settings and physical blocking of USB interface. But because the staff will realize the wireless file transmission of mobile computer through the network, which is mainly realized through QQ chat or some mobile assistant software. Therefore, it is necessary to prohibit the computer from logging into QQ chat software or using mobile phone assistant software, disable portable WiFi and other wireless network tools, and even completely prevent the computer from accessing the Internet by physical means, so as to realize the security management of computer files.
However, whether forbidding employees to carry mobile phones at work, forbidding computers to access mobile phones through USB interface, forbidding computers to log on to QQ, forbidding computers to use mobile assistant software, or even forbidding computers to surf the Internet, although it can prevent the wireless file transmission of computers and mobile phones, it will also bring some inconvenience to work, and easily cause employees’ resistance and disgust, It is not conducive to mobilize the enthusiasm of employees. Therefore, the above prohibition of mobile phone computer wireless file transmission is more suitable for some units with strict confidentiality requirements.
Method 2: prevent the wireless file transmission of computer and mobile phone and the behavior of copying computer files by mobile phone by means of computer file management software, data encryption software and file encryption software.
It is a common practice for domestic enterprises and institutions to protect the security of computer files by means of special computer file management software and data encryption software to prevent the leakage of computer files by means of mobile phones. At the same time, the effect is obvious, and there is no negative impact of the above-mentioned physical means to protect computer files. For example, there is a “general trend to computer USB interface management software” (download address:http://www.grabsun.com/monitorusb.html）, is a comprehensive protection of computer file security special software. It can not only completely prohibit the use of USB storage tools such as U disk, mobile hard disk and SD card, but also completely prohibit the mobile phone from accessing the USB interface of the computer, and copy the computer files to the mobile phone, without affecting the charging of the mobile phone. At the same time, it can also completely prohibit the use of various mobile assistant software to prevent the behavior of copying computer files to the mobile phone through the mobile assistant. As shown in the figure below:
Picture: computer USB interface management software, forbid computer mobile phone wireless transmission file software
At the same time, the wireless file transmission of computer and mobile phone is mainly realized by landing the same QQ number on the computer and mobile phone at the same time, and then the computer files can be easily transmitted to the mobile phone through QQ. The general trend can also be prevented by the USB interface management software. The specific principle is: before the computer logs in to QQ and sends the file to the mobile phone, it must click “my * * mobile phone” in QQ friends, and then open a dialog box, and select the computer file through this dialog box, and then it can be sent to the mobile phone. As shown in the figure below:
Figure: the method of sending files from computer QQ to mobile QQ
Therefore, you can use the “forbidden program” function of the USB interface management software to prohibit the opening of this dialog box. Naturally, you can’t send files to the mobile QQ through the computer QQ. The specific ways are as follows:
First of all, we open the dialog box of QQ sending files to mobile phones, then open the “task manager” to view the form description of this dialog box, and then add the keywords of this description (such as “mobile phone”) to the list of “forbidden programs”, so that once users open this dialog box, it will be closed immediately, In this way, the behavior of sending files from computer QQ to mobile QQ can be completely prevented. As shown in the figure below:
Figure: getting the form description of the dialog box
Figure: adding keywords to the list of “forbidden programs”
At the same time, you can also add the class name of this dialog box through the form class name (provided in the official version), so that you can disable the wireless file transfer behavior of all operating systems and all mobile phone brands in real time, and completely prevent the wireless file transfer behavior of computer files.
In addition, the general trend to USB interface disable software can also filter email attachments, prevent the network disk from uploading files, prevent FTP from uploading files, prohibit QQ from sending files, prohibit QQ group from sharing files, etc., so as to comprehensively protect the security of computer files, and protect the intangible assets and business Secrets of the unit.
In a word, no matter through management means and physical means, or through special computer file security management software, computer file protection and computer data leakage prevention can be realized. However, compared with management means and physical means, special computer file encryption software and document protection software can prevent computer file leakage It is relatively simple, strict and effective to prohibit wireless transmission of files by computers and mobile phones. In practice, Chinese enterprises and institutions can choose flexibly according to their own needs.