Who is this article for?

Incydr Professional, Enterprise, Gov F2, and Horizon
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.
Secure data throughout employee tenure


Throughout an employee's time at your company, their access to data may pose more or less risk. For example, a new employee may unknowingly break company policy by using a thumb drive, or an employee who put in their notice may plan to take company data with them when they leave. 

To be sure your data remains secure, use watchlists to more closely monitor the file activity of employees with higher risk profiles. 

For detailed steps about how to add employees to watchlists, see Manage watchlists.

About watchlists

While access to your high-impact data may be critical for an employee to do their job, this access can leave you vulnerable to data loss.

Use watchlists to more closely monitor employees that may have higher risk due to their job requirements or their past behaviors:

  • Departing: Employees about to leave the company
  • New hire: Brand new employees that may not be aware of your security practices
  • High impact: Employees who have a special role or broad access to high-value data
  • Elevated access: Employees who have elevated privilege or access to sensitive systems
  • Performance concerns: Employees who had a poor performance review, were demoted, or are on a performance improvement plan
  • Flight risk: Employees who have reached a tenure at which you often see people leave, or who express job dissatisfaction, are turned down for a promotion, or have teammate conflicts
  • Suspicious system activity: Employees who tried to access sensitive systems or raised alerts in other security monitoring systems
  • Poor security practices: Employees that use unsanctioned tools to get their jobs done or have poor security awareness as shown by consistently falling for phishing tests or failing security training
  • Contractor: Employees who have a contract or temporary status

For each watchlist, you can set up customized alerts to notify you when important data may be leaving your organization. 

More tools to identify insider risks

In addition to watchlists, the following tools and resources support your insider risk detection program:

  • Use the All users list to see which users have critical file activity across your organization.
  • Use the User profile to check an employee's file activity ad hoc, to verify that you don't have data leaving your organization. Based on what you see on the User profile, you may determine the employee should be added to a watchlist.
  • Risk indicators call attention to potentially risky file activity from an employee, such as a file extension mismatch or file activity that occurs when the employee is typically not active. 
  • Look at all the file activity across your organization on the Risk Exposure dashboard.
  • Add trusted domains and IP addresses to help you focus on higher risk activity.
  • Create alerts to notify you when specific file activity behaviors exceed your thresholds.
  • Add data sources to get alerts about file activity in your designated cloud services, such as Google Drive, Microsoft OneDrive, or Box, and email services such as Gmail or Microsoft Office 365. 

For more information about how you can use Code42 to detect, investigate, and respond to insider risks, see Detect and respond to insider risks.
