I've had an employee leaving the other day and he's told people in the business that he might have taken some sensitive information. It's likely to be via cloud storage (e.g. Dropbox, Box, Evernote, etc.)
Is there a way to track this down? We use Citrix Xenapp Thanks in advance
It's possible, you would just have to check network and file access logs if you have them. The main problem is how specific your logging was. At best, you would have file access logs showing that he accessed certain files of a certain size and network activity logs showing he had recently uploaded files of the same size.
However, if you are asking such basic questions you obviously don't understand the underlying system well enough to carry out such a search. As such logs are usually fairly ephemeral, you need to hire a real IT person to come and do it for you ASAP. If you haven't set up such logging, you probably won't have much to go on besides "last accessed" file-stamps on the files themselves. Which means that the next time someone messes with that file your evidence will evaporate as well.
At best you might be able to see that the employee accessed a certain cloud storage site, if you have the logs.
The bigger question is what you hope to do once you find out that the employee did access some cloud storage provider? Will it actually be of any help? What if the employee downloaded the data to a USB stick? The point is that knowing that someone did something they shouldn't is of limited value. You need to have appropriate controls in place to prevent the unauthorized behavior.
The 'cat is out of the bag' on this one. You might not be able to get it back in. But you can do things to prevent it from happening again.
