Security policies are prone to change, and you need to keep your users up-to-date on those changes so that they won't violate the terms of the policy, but doing so is often easier said than done.
Policy changes can come from internal organizational evolution as well as new external regulations like GDPR. Your approved users are cleared to manage the transfer of sensitive information, but it’s unrealistic to expect all of them to stay up-to-date with constantly-evolving security requirements. Yet at the same time you need some way to not only update these users but also get them to agree to comply with new security policies. The last thing anyone wants is an unintentional security exposure caused by a user saying “I didn’t know I wasn’t supposed to do that!”
An Auditable Sign On Disclaimer for Managed File Transfer
One effective way to ensure user acknowledgement with security policies is to enforce compliance at sign on. Before a user gains access, they’re required to check a box indicating they’ve read and agree to a specified security policy. Since version 2018, MOVEit has included this feature: Ipswitch customers can prompt their end users and administrators to agree to security (or any other) policies, as well as maintain proof of their acceptance.
Logging in With a New Security Notice
Note that anyone who doesn’t check the box is denied access; users MUST read the policy before they can sign in. They only have to do this once, so it’s not making the system more burdensome. Note also that this doesn’t just apply to security policies – administrators can write anything they want in this section.
Customizing the Security Notice
No matter what your organization’s specific needs are, you can develop a specific policy and require your users to agree to it. This is not only a way to enforce your own data security standards (DSS) but also a way to ensure compliance with regulations like GDPR and HIPAA. This also allows you to keep up with changing requirements as every time you change the security policy the user will be required to agree with it next time they log in. Most importantly, this gives administrators an auditable record of exactly which policy each user has agreed to and when.
Sign On Notice Acceptance Report
No matter what your particular policy is, no longer will you have users claim “I didn’t know!” You’ll have proof that they did know and they agreed to comply.
For more details about MOVEit check out the product page here.