For any large organisation, having your own intranet software is an excellent idea. Helping to cut down on the calls and emails to your human resources department, while creating a multichannel platform that can quickly dispense information and guides to all staff members regardless of where they are, an intranet is an extremely effective step towards a digital workplace. It acts as a great investment with a heavy return in saved time and resources.
However, it is also important to understand how intranets can pose a serious threat to your company security. Managing and protecting your intranet data is therefore an essential step for any business that uses its own intranet, which is at risk not only from external malicious threats but also from internal employees. As such, the private information and sensitive data present on your system need to have an integrated security solution to offer maximum protection. Our experts have compiled a short list of the best tips on how to protect your intranet data in the digital workplace.
1. Ensure the system is pin or password based
While having a single password or employee ID authentication may not be the most secure intranet security in the world, it offers an excellent balance of security and convenience. While dual login and authentication procedures are becoming more common for internal security networks, the need for multiple passwords and the additional time taken for these processes may not be justified for lower level company information. (Those that do wish to implement dual authentication can do so using the Claromentis two-factor functionality – find out more here).
However, it is essential that at least a single password be used to prevent unauthorised access. This should be coupled with log-off buttons which ensure that the information cannot be accessed once a user has finished with it. Your intranet software should also automatically log people off if the system is left inactive for a certain period of time.
2. Monitor users who log in
Once a person has logged in using their pin or password, it is important to keep a record of this, combined with the time they logged in and out. Not only do these records allow you to correlate the intranet users with their usage of the system, but they also allow you to spot any anomalies within the system. For example, if the same user has attempted to log into the system multiple times within the same minute from separate offices, then you know that there is a problem which must be investigated.
3. Restrict access to the most sensitive information
While your intranet should generally contain information which will be useful to all employees, such as system guides and changes to working practices, not all the information will be relevant or necessary to every employee. It is well worth restricting access to sensitive information, including personal contact information or business figures, that are only needed by those higher up within the organisation. This protects the information from misuse by employees, but also adds another layer of protection against anyone who has hacked into your system.
4. Create intranet usage policies
Employees should be encouraged to use the intranet, and the effective usage of the system can significantly improve workplace efficiency and productivity. However, there should be set processes on how to use the system securely. Employees must be educated in the safe and secure usage of the intranet, including ensuring they always log out of the system, do not print any physical copies of sensitive information, and do not attempt to connect with external websites or software from within the intranet portal unless authorised. It is often the case that the weak link hackers exploit in intranet systems is not the intranet itself, but the people who use it, so training new intranet users about secure usage can really help to protect your system.
5. Regularly review and update the information on your intranet
An intranet can be a great place to quickly disseminate new information to all of your staff, but constantly adding new information without any consideration for the information that already resides on the system can be dangerous. Securely deleting sensitive information that is out of date or no longer relevant completely removes the threat of it being used against you. This should be a common practice, especially when there is no need to access it any more. The added advantages of deleting out of date information are that it also reduces the size and memory storage of the overall system, helping to keep costs down and speeds up.
Learn more about intranet best practises by downloading our free advice guidesDownload guides