Activity Monitoring: The Rule Engine leverages Teramind’s granular Activity Monitoring capabilities (e.g., apps, websites, emails) to determine the activity or content a rule should detect.

Employee: Rules utilize Employee Profiles to specify who the rule applies to.

Configurations: You can use the Configurations menu to create additional items like Shared Lists and Departments. These items can be used as inputs to rule conditions to expedite rule creation and share parameters across different rules. For example,

Monitoring Settings: Monitoring Settings allow you to control when and how a rule operates, minimizing privacy concerns.

Reporting and Evidence: You can access detailed reports of rule violation incidents and associated risks on the Behavior Alerts dashboard, view recordings and gather evidence from the Session Player, and receive Rule Notification Emails.

Enforcement: The Teramind Agent enforces the rules on the user’s computer. What actions the system will take can be defined from the Rule Editor’s Actions tab.

Uploading documents that contain sensitive data to personal Cloud drives.

Sharing documents outside the organization that have a confidential watermark.

Sending out emails with sensitive files to non-corporate emails.

Sending out emails with large attachments, too many attachments, or zipped files.

Printing during irregular hours.

Printing a large number of sensitive documents.

Taking screenshots, using screen capture, or using snipping tools.

Copying CRM data and pasting it into emails, an external site, or an unauthorized application.

Non-authorized use of Cloud sharing drives as an attempt to exfiltrate data.

Saving files on a removable medium.

Sharing files with protected properties or tags.

Employees communicating with competitors.

Signs of discontent, harassment, legal threats, or other sentiments in emails or IM chats indicate underlying issues.

The Development team using production data for testing and development.

The IT department storing authentication information, such as credit card magnetic data, which is prohibited under compliance laws.

Accessing the internet from restricted servers.

Installing RDP clients or opening ports.

User entering sensitive data such as passwords or personal details on potentially harmful or phishing sites.

An employee using the browser’s incognito/private mode frequently.

Clearing browser history or deleting cache files.

Sudden change in schedules or work patterns.

Using code snippets in database queries.

A vendor attempting to bypass security clearances and gain additional access by exploiting a bug, design flaw, or configuration oversight in an operating system or software application.

Contractor attempting to log in to database servers during off-hours or after the completion of a project.

External user or freelancer accessing confidential customer and employee records.

Employees looking at materials online that are questionable, suspicious, or otherwise dangerous. For example, hacking sites, pornography, or pirated content.

Abusing company resources, such as printing unnecessary copies of documents, throttling the network, etc.

Customer agent asking for credit card numbers in an insecure email or support chat without using the proper communications channel.

Sharing “not for the public” files on social media or IMs.

Employees opening emails that contain phishing links, viruses, or malware.

Installing browser plugins that aren’t secure or known to be problematic.

Entering passwords or personal details on insecure websites.

An unauthorized user is reading a document they should not have access to.

A user is trying to hide information in an image.

Employees participating in insider trading by sharing embargoed information, such as M&A documents.

Searching the internet for suspicious keywords and phrases, such as: “how to disable firewall”, “recover password”, “steganography”, etc.

Running the Tor browser or accessing the darknet sites.

Attempting to bypass the proxy server.

Installing VPN client.

Running network snooper, registry editor, or other dangerous applications.

Running password crackers, keyloggers, or other malicious tools.

Running software from external media or Cloud services.

Changing the configuration of the network or system settings.

Opening up blocked ports in the router settings.

RDP connection attempts to forbidden hosts or unauthorized use of RDP applications.

Performing IT sabotage by deleting user accounts, files, or directories.

Sharing source code outside the development team.

Creating back-door accounts or fake user credentials.

Get notified when workers are spending too much time on Facebook, watching YouTube videos, or surfing online shopping sites.

Flag when employees are idling too much, coming to work late, frequently absent, etc.

Warn employees when they are spending excessive time on personal tasks such as applying for jobs.

Using applications or sites that are unproductive.

Not following the prescribed policy when dealing with customers.

Not following corporate etiquette policy, for example, visiting gambling sites.

Contractor submitting invoices that do not match work hours or task completion status.

Prevent exfiltration of PHI (Protected Health Information) such as EHR, FDA-recognized drug names, ICD codes, NHS numbers, etc., to comply with HIPAA and HITECH policies (HIPAA 164.500 - 164.532).

Automatically log out the user when inactive for a certain time (HIPAA 174.312).

Block unauthorized traffic from EHR/EMR and clinical applications (HIPAA 164.306).

Restrict access based on a user’s “need to know” clearance. For example, block IT admins from accessing cardholder data while performing support tasks (PCI-DSS 10.1).

Use OCR-based rules to detect when a user has access to a full view of a PAN (Personal Account Number), violating PAN-masking or PAN-unreadable rules (PCI-DSS 3.4/3.5).

Block file-write operation when credit card numbers or magnetic track data is detected that would violate the storing of authentication data rule (PCI-DSS 3.2).

Prevent sharing of contact lists containing EU PII (personally identifiable information) such as English names, EU addresses, or EU phone numbers (GDPR 5).

Warn user when sharing files containing data such as DNA profile, NHS/NI number, and sexual orientation data, hence preventing the violation of the processing of special categories of personal data rule (GDPR 9).

Ensure that non-EU admins cannot access the records of EU employees, preventing the violation of the transfers of personal data to third countries rule (GDPR 44).

Enforce security-compliant behavior and take immediate action on detection of anomalies or rule violations, and train employees with detailed rule alerts (ISO 27001, Standard Enforcement).