Lack of Ongoing User Training and Interaction Results in Security Vulnerabilities and Non-Compliance with Security Standards

Handling sensitive information is a complex task that normally requires training and self-governance. If users are not properly trained or have no proper way to give feedback, they will not learn the correct way to handle it and will not change their behaviour to address security concerns. Unfortunately, traditional security systems do not visually indicate whether information is sensitive and do not give users a mechanism to interact with the system when they genuinely need to use the information. This rigid structure often results in users avoiding security just to get the work done.

Solution: e-Safe Compliance Educates and Modifies Human Behaviour

1. Visual signals ensure ongoing education and ensure compliance

e-Safe Compliance helps improve user behaviour by educating users on acceptable usage. It monitors user behaviour and, when misuse of sensitive information or inappropriate behaviour is found, displays warning messages to guide the user. For example, sensitive information is clearly marked with triangles based on its sensitivity level (displayed below). The visual representation ensures users are aware they are dealing with sensitive information, and appropriate warning messages are displayed when they mishandle the information.

Visible Signals to ensure ongoing education and compliance

In addition, users are warned of any misuse of company property through a clear policy screen displayed when they log into the company's PC. This policy screen (displayed below) sends a clear, customisable message to members of staff that this machine is monitored and thus acts as a perfect deterrent to prevent infringement of the company's IT policy.

Educate, Trust and verify using policy screen

2. Automatic feedback mechanism to improve monitoring

e-Safe Compliance offers an easy way for users to give feedback and, where authorised, allows the user to override a restriction by giving a reason. Traditional security systems have two modes of operation: i) restrict document usage, and ii) allow document usage but monitor.

Restricting document usage prevents users from doing their job, while just monitoring document usage results in a large number of incidents to review. e-Safe Compliance introduces a third way: "allow users to remove restrictions but require them to provide a reason for doing so." By allowing authorised users to override restrictions, the users are no longer prevented from doing their job. Furthermore, the reason is used to better tag the sensitive document in future, based on its usage. Most importantly, the override and the reason given are reported directly to the information owner, who will either accept it or, if the behaviour is suspicious, choose to investigate.

Educate, Trust and verify by providing reason
