Backups are the best possible defense against this sort of thing. I'd suggest making two sets of backups. One first thing in the morning, which can then be stored in a nearby bank's safe deposit box vault, and then another one at the end of business, which can be stored on site. That way, whether it be a disgruntled employee or just some random fluke, you should never lose more than one day's worth of data. Ideally you'd never lose any data, but better only one day as opposed to everything.
I say this, because there's no sure way to prevent someone from getting into things. Companies like Microsoft and IBM spend millions of dollars on security, and even they can't keep out the odd hacker. You're on the right general track though. Give people only the access they absolutely need to do their job when it comes to sensitive data. If Bob over in product design doesn't need access to the accounting data, don't give him access to it. And if Sally in accounting doesn't need access to product design schematics, don't give her access. Create as many groups as it takes to create the level of access you need. Just be sure to document what you do, because if you try and keep it all in your head, you will forget something sooner or later. Plus, what if you get offered a dream job somewhere else, then how is anyone else going to figure out what you did?
Beyond that, one of the best things you can do is not create disgruntled employees. Sabotage like this never even occurred to people 20-30 years ago, and I'd say there's a very simple reason for that: 20-30 years ago, employees were treated more like human beings, not livestock. Treat your employees well, and I doubt you'll ever have to worry about any kind of sabotage from a disgruntled employee. You may not have a lot of control over this yourself, but doing what little you can will go a surprisingly long way towards preventing this sort of thing from happening.
We have a Dell Power Edge SC1430 with Windows Server 2003 R2, Standard Edition with SP2 installed. Our network was setup by our computer person (someone we pay by the hour when needed).
We are wondering how we protect our data in the event we have a disgrunted employee. We would like to prevent files from being deleted in the event someone would want to do damage. The employees do not have access to the server only the shared files on the server. How do I protect the shared documents folder and accounting software data?
Under the properties for that folder, then sharing, then permissions, there is a "Everyone" group listed. Then you can give Full Control, Change or Read access. Do we need to set up another group name and list the employees that shouldn't have full control? We want the employees to be able to create and change documents. How do I go about looking into this without having to call our hourly computer person to come out? Am I on the right track? Please advise. Thanks, Kim