Intranet Security Matters
No company intranet is complete without the consideration
of intranet security. Here we cover the top three
considerations to eliminate threats.
No intranet design guide is complete without looking at the issue of intranet security.
Your intranet is packed full of sensitive and confidential business-critical information. Whether you have a do-it-yourself or a cloud intranet, robust security measures are needed to protect that critical data.
Here we cover the main issues to consider to eliminate threats and keep your data safe and secure.
No guide to designing and setting up an intranet is complete without some reference to intranet security.
It may not be the most exciting topic, but intranet security is certainly one of the most important. After all, the intranet is home to all your organization’s files, communications, data, and apps. Often the information will be commercially sensitive. It may involve intellectual property or other proprietary information. Or, it may include personal details about staff members. And so you need to ensure it’s as safe and secure as possible.
Research tells us that cybercrime is a huge problem, especially for small businesses who may not have the specialist IT know-how.
According to CNBC, 43 percent of cyberattacks are aimed at small businesses. However, only 14 percent were able to defend themselves. And the cost of cybercrime continues to grow to an estimated $200,000 on average across companies of all sizes. Many businesses never recover from the ‘soft’ damages that result from cybercrime. The damage done to a company’s reputation and the integrity of its e-commerce platform is a killer blow for many.
In this chapter, we take you through the main intranet security considerations. These issues are relevant regardless of whether you choose an in-house or cloud intranet. You can then be confident your intranet security is robust and meets the minimum requirements.
Before we get started, it’s worth noting that security isn’t just about external threats to your network. Just as important is ensuring that the right staff are accessing only appropriate information.
Now, intranet security is a complicated topic. If you are interested in finding out more detail, then there are plenty of resources and reading on our blog. Check out the security topic for all the details. Here, we provide an overview of what you need to know.
Intranet Security: External Threats
Your intranet may be a closed, private network, but it is still vulnerable to external threats. It might be hackers and cybercriminals. Or it could be malicious software such as worms, malware, and viruses. What countermeasures do you need to have in place?
An essential first line of defense, firewalls provide a protective barrier between your intranet and the internet.
A firewall is a hardware device or software program that filters the information coming through the web and into the intranet. They can be set up to block dangerous network traffic based on a series of pre-set rules.
While far from fail-safe, firewalls are a vital weapon in the fight against cybercrime.
Spam, phishing, spyware, and malware are potential problems your intranet may encounter. These threats are designed to cause maximum disruption. Or they can be used to gather sensitive information and gain access to your private network.
An effective email filter combined with a firewall will help to stop suspicious traffic from entering the intranet.
The problem of computer viruses is an ongoing challenge. The vast majority of businesses will have anti-virus software installed on their networks. However, the viruses are constantly changing, and so it’s essential to remain vigilant. To stay on top of the problem, be sure to update your anti-virus software with the latest version regularly.
Intranet Security: Internal Threats
Other key areas to consider around security are associated with potential internal threats.
Weak passwords are perhaps the biggest internal threat to security. All too often, users have weak passwords, which they don’t change often enough. And they may use the same password across multiple platforms, or share their passwords with colleagues. Passwords that are easily compromised are a real problem.
Your intranet needs to be set to require employees to change their passwords regularly. Best practice suggests that every 60 days should be the minimum. Encourage staff to use a mix of symbols as well as letters. As an extra precaution, all passwords are automatically hashed by the intranet before they are stored in the database.
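As an added illustration (not code from any intranet product), here is what hashing before storage and the 60-day rotation check can look like together. The scrypt cost parameters, record layout, and function names are assumptions made for this example.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

MAX_PASSWORD_AGE = timedelta(days=60)       # rotation interval quoted in the text
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters

def hash_password(password, now):
    """Build the record to store: a random per-user salt, the scrypt
    digest, and the time the password was set. The password itself is
    never stored."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt, "digest": digest, "set_at": now}

def verify_password(password, record):
    """Re-derive the digest with the stored salt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(candidate, record["digest"])

def login(password, record, now):
    """Return 'denied', 'change_required' (password older than 60 days) or 'ok'."""
    if not verify_password(password, record):
        return "denied"
    if now - record["set_at"] > MAX_PASSWORD_AGE:
        return "change_required"
    return "ok"

if __name__ == "__main__":
    # Constructed sample values.
    set_at = datetime(2024, 1, 1, tzinfo=timezone.utc)
    rec = hash_password("correct horse battery staple", set_at)
    print(login("correct horse battery staple", rec, set_at + timedelta(days=10)))
    print(login("correct horse battery staple", rec, set_at + timedelta(days=61)))
    print(login("wrong guess", rec, set_at + timedelta(days=10)))
```

Because each record gets its own random salt, two staff members who choose the same password end up with different stored digests.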
Not every worker needs to have access to the same information. For example, Brooke in Sales should not be able to access confidential and potentially sensitive boardroom minutes. Likewise, Brian in Marketing should not be able to view workers’ pay details.
Make sure your intranet can restrict access to sensitive information. Most software uses a series of integrated role-based file and page permissions. This ensures workers can only access information appropriate to their jobs. You can control access by IP address, teams, job titles, or by individual users.
Make sure you regularly review access control measures to be certain they are still appropriate. And make it a priority to quickly delete the accounts of employees that no longer work for you.
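The sketch below is an added example, not taken from any particular intranet software. It shows a default-deny permission check using the four controls named above (IP address, team, job title, individual user), plus a review that flags enabled accounts belonging to people who have left. All page paths, names, and address ranges are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    name: str
    team: str
    job_title: str
    enabled: bool = True  # set False when the account is deactivated

@dataclass
class PageRule:
    teams: set = field(default_factory=set)
    job_titles: set = field(default_factory=set)
    users: set = field(default_factory=set)
    networks: tuple = ()  # if non-empty, requests must come from these CIDRs

# Constructed sample data: page paths, names and address ranges are hypothetical.
RULES = {
    "/board/minutes": PageRule(teams={"Board"}, networks=("10.0.0.0/8",)),
    "/hr/payroll": PageRule(job_titles={"Payroll Officer"}, users={"dana"}),
    "/news": PageRule(teams={"Sales", "Marketing", "HR", "Board"}),
}
ACCOUNTS = {u.name: u for u in (
    User("brooke", "Sales", "Account Manager"),
    User("brian", "Marketing", "Designer"),
    User("dana", "HR", "HR Advisor"),
    User("erin", "Board", "Director"),
    User("frank", "Sales", "Account Manager"),  # has left, account never removed
)}
HR_ROSTER = {"brooke", "brian", "dana", "erin"}  # people currently employed

def can_access(user, page, source_ip):
    """Default deny: allow only if a rule exists and explicitly grants access."""
    rule = RULES.get(page)
    if rule is None or not user.enabled:
        return False
    if rule.networks:
        ip = ipaddress.ip_address(source_ip)
        if not any(ip in ipaddress.ip_network(n) for n in rule.networks):
            return False
    return (user.team in rule.teams or user.job_title in rule.job_titles
            or user.name in rule.users)

def stale_accounts(accounts, roster):
    """Access review: enabled accounts whose owner is not on the HR roster."""
    return sorted(n for n, u in accounts.items() if u.enabled and n not in roster)
```

In this sample data the leaver's account can still open team pages until the review catches it, which is why account removal belongs in the offboarding process rather than an occasional clean-up.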
Intranet Security Best Practices
Responding to internal and external security threats and protecting your intranet data are critical to the intranet’s effectiveness. Here are some other best-practice measures you can take to ensure maximum protection.
Encryption is the process of converting data into an unrecognizable or encrypted form. The best way to do this is by using Secure Sockets Layer (SSL) technology. Millions of companies worldwide use SSL, which makes it the industry-leading encryption technology. When you see ‘HTTPS’ at the beginning of a web address, you know the site is secure and is using SSL.
Two-way SSL encryption protects sensitive business documents and information on your intranet. And it will ensure the intranet is safe from unauthorized access.
Many industries worldwide are required to meet compliance regulations, which include special security and privacy protections.
Some cloud intranet providers (including MyHub) use the latest Health Insurance Portability and Accountability Act (HIPAA) compliant applications via Amazon Web Services (AWS). Besides encrypting data in transit, AWS also meets HIPAA requirements for auditing, backups, and disaster recovery.
Best practice recommends using a layered security protocol with multiple lines of defense. Using the best-in-class privacy features outlined above means your intranet is as strong and secure as possible.
Remote Access Intranet Security
With the growth in staff members working remotely, it’s worthwhile spending a few moments to consider the security implications.
Intranets are now being accessed outside of the standard workplace by employees working on the road or remotely. Often these employees are using their personal smartphones, devices, or tablets rather than company-issued devices. And so, businesses need to take special steps to ensure security is maintained with remote access.
As a minimum, the organization should insist on staff installing the latest anti-virus software on any device used to access the intranet. It’s also worthwhile considering personal firewalls.
There are security risks associated with workers remotely using the intranet via public Wi-Fi networks. These public networks mean that company information and data could be vulnerable to hacking or interception. In addition, if an employee’s mobile device is lost or stolen, then there could be severe consequences for the safety of your data.
There are several security measures you can take to minimize the risks. Implementing the latest secure access technology, such as SSL, a VPN (Virtual Private Network), and firewall software, is essential. These measures will protect against security risks and unlawful interceptions as well as safeguarding against virus attacks.
Furthermore, automatic time-outs and preventing log-in details from being saved by the device are other ways to reduce the risks.
Staff Intranet Security Awareness
It’s vital employees understand the basics of digital security, including how to keep online information safe and secure. Ensure staff understand the importance of choosing strong passwords, know how to share information safely, and are wise to potential phishing attempts.
A strong awareness amongst the workforce will help to improve intranet security. So, as well as general security practices, employees should be familiar with company policies about sharing files, distributing information, remote working, and any other potential security issues.
Nowadays, intranets are used to provide gateway access to external enterprise systems. It might be Salesforce, Box, G Suite, or Office 365. The intranet’s single sign-on is a great advantage. However, it also makes it more important than ever for employees to remain vigilant to security threats. Basic training for staff in digital safety could well be worth the investment.
Intranet Security Summary
When it comes to intranet security, we have provided only a brief overview of the issues to consider. The bottom line is that intranet security is a highly complex area. And with changing technology plus emerging viruses and new threats, it is constantly evolving.
It’s a full-time job keeping up with developments. Even well-resourced IT departments in large companies struggle to keep on top of intranet security.
Intranet security may not be the most interesting element to your intranet deployment. But, as we will see, it could be a significant factor influencing your choice of intranet.
Cloud-hosted Solutions vs. Onsite Intranets
If your business has opted for a do-it-yourself intranet hosted on the company server, then intranet security is entirely your responsibility.
It could be making sure you have firewalls with the right rules, setting up SSL connections, or HIPAA compliance. Whatever the security issue, it will be all down to you. And this includes taking care of updates and backups.
What’s more, you will need to stay ahead of the latest security threats, technologies, and countermeasures. It’s quite a daunting prospect, right?
However, it’s a different story with a cloud-hosted intranet solution.
By comparison, it’s the intranet software provider that retains responsibility for security.
This means that all your important, sensitive company data remains secure, hosted in a private cloud. The content is delivered securely via SSL and the web browser.
Furthermore, the cloud’s security features regularly undergo independent security audits. And so, you can have complete confidence in the security and confidentiality of your data.
In addition, the intranet provider has a level of knowledge and expertise that is unlikely to be matched within your business. The intranet provider’s reputation and brand depend on their ability to deliver in terms of security.
It’s highly unlikely you would try and repair an electrical fault in the workplace without using the expertise of a qualified electrician. And yet, with an off-the-shelf intranet, you could be doing just that.
So, why risk the security of your intranet when you can have the assurance and expertise of a cloud-hosted solution?
Whatever intranet option you choose, make sure your deployment team includes certified information security professionals. Every successful intranet requires industry-leading security protocols and controls. And if you don’t have that level of internal expertise readily available, then a cloud intranet provider will do.