NETconsent has announced a new Policy Enforcement Point, SSLconsent, which has been specifically designed to raise standards of IT governance amongst users remotely accessing a corporate portal.
User error has long been identified as a major cause of security breaches. From today, mobile and remote workers accessing applications through a corporate portal and using Microsoft’s Intelligent Application Gateway, can now be automatically notified of relevant security procedures directly related to the way they access corporate IT resources.
Microsoft’s Intelligent Application Gateway provides “contextual access” to portals and network based applications dependent on the user’s profile, their location and the device being used for access. In order to protect confidential and sensitive data, users may not always have identical access to information when in and out of the office. For occasional remote workers this may lead to confusion and frustration if they do not understand why such restrictions are necessary thus generating potential information assurance risk exposures
The new NETconsent Policy Enforcement Point guarantees that users are automatically reminded of their rights and responsibilities as often as deemed necessary by the host organization.
5 tips to improve security practice amongst mobile workers
1. Effectively communicate your mobile security policy.
It is no good having a written policy if users don’t know about it. Use language that is easy to understand and endorsed by line managers. Consider sending an abbreviated policy to all workers, as they may be using insecure devices that you don’t know about!
2. Get users to sign up to policies that affect them.
A greater degree of diligence will be instilled if users know they will be held accountable for their actions.
3. Be prepared to discipline people who flout guidelines.
Even if a security breach doesn’t occur, acceptable standards of behaviour should be upheld to ensure people are treated fairly and consistently.
Actual practice needs to reflect policy or change the policy!
4. Periodically remind users of their responsibilities.
Remember your users are not IT gurus. To keep security at the forefront of their minds when they have a “real’ job to do is not a one off exercise.
5. Make secure remote access user friendly.
Providing a secure pathway to information dependent on a user’s identity and the device being used at the time reduces the security burden on users and reduces the possibilities for human error.