The issue of intranet security is usually met with stifled yawns or glazed eyes when it’s mentioned in the office. Often there’s an assumption that because it’s an internal network, the intranet site is somehow magically secure from viruses and hacking. But the issue of intranet security goes beyond external threats. Ensuring that the right staff are accessing the right information is also an important part of intranet security. In this article, we look at what you need to be doing to ensure the security of the office intranet.
Intranet Security: External Threats
Even though the intranet is a closed, private network, it is still susceptible to external threats from hackers or malicious software including worms, viruses, and malware. Below we examine some of the external threats to the intranet and how to address them.
Network Security Threats
It’s best to use a firewall to mitigate external threats. In simple terms, a firewall is a protective barrier between the intranet and the internet. It is a software program or a hardware device that filters the information coming through to the intranet from the internet. Firewalls allow or block network traffic between devices based on rules that are pre-configured or set by the firewall administrator.
Firewalls protect against a number of online threats, and while they cannot guarantee protection against all of them, they are an essential first line of defence.
From time to time, the intranet may encounter suspicious traffic such as spam, phishing, spyware or malware. Using an effective email filter and firewall will help to block this suspicious traffic.
Most organizations understand they need to have anti-virus software installed. However, the threat from viruses is constantly changing, and so it is vital that you regularly update the software with the latest versions.
As well as external threats to intranet security, there are a number of internal threats that need to be addressed.
Intranet Security: Internal Threats
Too often users have weak passwords, share them with colleagues, never change them and sometimes they even write them down or tape them to their PCs! The intranet should be set up so that employees are required to change their passwords on a regular basis (every 60 days should be standard) and to use passwords of a minimum length and a combination of letters, numbers and keyboard symbols (for example, H2pl#5%).
Are the right employees accessing the right information? Brian in Sales should not be able to access sensitive boardroom minutes. Similarly, Jenny in Marketing should not be able to view employees’ pay details. Access to information can be secured on the intranet via a series of file permissions and page permissions. These permissions can be set by a job title, team function, geographic location – whatever is appropriate for that data.
Allied to this is the need to ensure that permissions are reviewed on a regular basis. There have been instances where employees have been able to access sensitive information by a job role they had some ten years ago! Likewise, employees who no longer work for the company must have their access deleted as soon as they leave.
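The periodic permission review described above can be automated. The following is an added example, not code from MyHub or any intranet product: it compares each access grant with the current staff directory and flags grants held by leavers or issued for a job title, team or location the employee no longer has. All names, resources and records are constructed for illustration.

```python
from dataclasses import dataclass

ATTRIBUTES = ("job_title", "team", "location")  # what a grant may be keyed on

@dataclass(frozen=True)
class Employee:
    user: str
    job_title: str
    team: str
    location: str
    active: bool = True

@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    attribute: str  # which employee attribute justified the grant
    value: str      # the attribute value at the time the grant was issued

def review_grants(directory, grants):
    """Return (user, resource, reason) for every grant that should be revoked."""
    findings = []
    for g in grants:
        if g.attribute not in ATTRIBUTES:
            raise ValueError(f"unknown grant attribute: {g.attribute!r}")
        emp = directory.get(g.user)
        if emp is None or not emp.active:
            # Leavers lose access immediately, whatever the grant was for.
            findings.append((g.user, g.resource, "leaver"))
        elif getattr(emp, g.attribute) != g.value:
            # The role, team or location that justified the grant has changed.
            findings.append((g.user, g.resource, f"stale:{g.attribute}"))
    return findings

# Constructed sample data (hypothetical staff and resources).
DIRECTORY = {
    "brian": Employee("brian", "Account Manager", "Sales", "London"),
    "jenny": Employee("jenny", "Designer", "Marketing", "Leeds"),
    "alex": Employee("alex", "Analyst", "Finance", "London", active=False),
}
GRANTS = [
    Grant("brian", "sales-pipeline", "team", "Sales"),
    Grant("brian", "boardroom-minutes", "job_title", "Executive Assistant"),
    Grant("jenny", "payroll", "team", "HR"),
    Grant("alex", "finance-reports", "team", "Finance"),
    Grant("sam", "r-and-d-program", "location", "London"),
]

if __name__ == "__main__":
    for user, resource, reason in review_grants(DIRECTORY, GRANTS):
        print(f"REVOKE {user} -> {resource} ({reason})")
```

Recording the attribute and value that justified each grant is what makes the check possible; a grant stored only as "user may read resource" cannot be tested against a later role change.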
Encryption is the process of converting data to an unrecognizable or “encrypted” form. It is commonly used to protect sensitive information so that only authorized parties can view it. Secure Sockets Layer (SSL) is the standard encryption security technology used by millions of companies around the world, particularly for online shopping. When you see HTTPS at the beginning of the web address, you know that your connection is encrypted and is using SSL.
Encryption will protect sensitive business documents and information. So you can be sure, for instance, that the R&D program with the latest product information and upgrades is secure within the intranet from unauthorized access.
Health Insurance Portability and Accountability Act: Some cloud hosting companies such as MyHub offer the latest Health Insurance Portability and Accountability Act (HIPAA) compliant applications via Amazon Web Services (AWS). AWS is used to encrypt data in transit and also has features that can be used to meet HIPAA requirements for auditing, backups, and disaster recovery.
Increasingly intranets are being accessed outside of the standard office environment by employees either working on the road or working from home. Often workers are doing so using their own personal smartphones, devices or tablets. Special steps are required to ensure security is maintained with remote access.
As a minimum security measure, the organization should be insisting on staff installing the latest anti-virus software and possibly even a personal firewall on their own devices that they are using to access the intranet.
Also, when workers use the intranet remotely via public 3G, 4G, or Wi-Fi networks, company information and data can be vulnerable to hacking or interception. And what about the risk if an employee’s mobile device is lost or stolen?
There is, however, a range of measures that can be taken to mitigate the risks. Adopting secure extranet access technology such as SSL, VPN (Virtual Private Network), and firewall software can protect against security risks and unlawful interception as well as safeguarding against virus attacks.
Furthermore, methods such as automatic time-outs and preventing log-in details from being saved by the device are more straightforward ways to mitigate the risks.
As you can see, the world of intranet security is highly complex and is constantly changing with the advancement of technology and new viruses and threats. It’s a full-time job keeping up with it, and even well-resourced IT departments in large companies struggle to remain up to date. That’s where cloud-hosted intranets have a significant advantage.
Cloud-hosted Solutions vs. Onsite Intranets
If your organization is hosting the office intranet via a company server, then the responsibility for intranet security rests entirely with you as an organization. Making sure you have firewalls with the right rules, SSL connections, HIPAA compliance, updates, and backups will be down to you. Keeping abreast of the latest threats and technologies is also all down to you. It’s quite a daunting prospect, isn’t it?
With a cloud-hosted intranet solution in comparison, the intranet software provider has the responsibility for intranet security. Important and sensitive company data remains secure as it is hosted in a private cloud with the content delivered securely via SSL and the web browser. The cloud’s security features regularly undergo independent security audits to ensure the security and confidentiality of your data.
Furthermore, the intranet provider will have a level of expertise that is unlikely to be matched in a corporate setting. It is in their interests – indeed, their reputation and brand depend on their ability to deliver in terms of security. You would be unlikely to try and repair an electrical fault in the office without using the expertise of a qualified electrician. In a similar way, why risk the security of your intranet when you can have the assurance and expertise of a cloud-hosted solution?
If you are looking to ensure the security, integrity and confidentiality of your company intranet, then contact MyHub to see how a cloud-hosted intranet could be the answer.