Employees are often reluctant to think about intranet security. After all, it’s supposed to be a closed-off network. However, research has found that 40% of all security breaches are initiated by people working inside the company.
In addition, those managing smaller organisations may also struggle with their intranet security because they don’t have the infrastructure to defend their systems from breaches.
Despite all of this, employees can be the best defence for your company’s network security. If they’re alert and actively participating in the security of your IT networks, then you can secure your system.
Here are seven things to get your staff thinking about intranet security.
1. Turn dull into engaging
One of the biggest problems with intranet security is that staff don’t think it’s very interesting. They often see it as a chore, or at worse, a waste of their valuable time that means they’ll have to work late. This negatively means they’re disengaged from vital security messages and less likely to retain important security information.
Instead, you need to turn security courses, sessions and information into engaging content, via gamification or quizzes, for example, that employees interact with. Two-way communication is important for this part, rather than lectures where staff are talked at and are just there to listen.
Test your employees’ knowledge of intranet security with engaging quizzes
2. Password security
Password security is of the utmost importance when it comes to security. Yet so many people are reluctant to utilise best password practices. In 2018, the most common password was “123456”. The second? “Password”.
Get your staff to have passwords made up of a series of letters and numbers. They should also include at least one special character and one capital. These passwords should also be changed every 30 or 60 days.
Implement a strong password policy in your intranet
3. Employees should not share security details
One of the biggest causes of security breaches is when staff members share security credentials. If one member of staff shares their login details with several people, and there’s a breach, it can be challenging to discover where the problem occurred.
If someone can’t access the intranet because they’ve lost their credentials, they should be referred to IT support. The IT team can then help them gain access to the network again. Sharing should be discouraged and even your intranet policy documents should mention that sharing details is not allowed and what the penalties are if they break the rule.
Use your intranet’s policy management application to detail password usage and sharing restrictions
4. Keep intranet security simplified
One of the biggest problems with intranet security is that companies make it too complex. All intranet security elements should be simple to remember and implement. This makes it easier for employees to retain important information and it helps them implement intranet security procedures more readily.
Look at your current intranet security and see if it is too challenging for your employees. Also make sure you ask employees what they find difficult, and work at ways to make it more streamlined and better for them. Adding a survey or poll to your intranet homepage is a great way to capture this feedback.
5. Keep communications open
An annual meeting about intranet security is not enough when it comes to security. Staff need to be constantly updated on current threats. This can be done in generic communications sent to all staff that detail the current problems and solutions.
Also, staff should be able to raise awareness of threats they think they’ve found. In studies, just under 9% of email recipients who received a malicious email clicked through on a link embedded in the email. Many others also opened the email and read it. Normally, if one member of your staff receives a phishing email, so will others. By offering the means for staff to highlight potentially dangerous emails to IT security teams, you can help reduce this by alerting staff to the potential dangers. Setting up an e-form on your intranet, where employees can report potential attacks to their IT team, is a simple and effective way to do this.
6. Manage access rights
Be sure that all your employees have the right access for their needs to perform their work. For instance, should a sales executive be able to access sensitive HR data? Restricting data to only those that need access is fairly simple as it can be done with a set of file and page permissions. Permissions can be determined by job role, team, location or something else.
Permissions should be reviewed regularly and there should be a process in place where staff can request access. Permissions should also be kept secret. Staff shouldn’t know what others can access, as this can lead to issues.
Manage access to certain documents or areas of your intranet using permissions
7. Remind employees about remote access
Increasingly, employees are using the intranet to access work systems while working remotely. This is great for when they need to work away from the office, but it does pose significant security issues. One of the main problems is when they use the intranet in public places.
Staff need to be reminded of the threats of using unsecured public Wi-Fi areas, and leaving sensitive information, such as passwords and login credentials, in open areas.
Getting your staff to think about intranet security
When you have an intranet system, you need to keep it secure. Losing control or having data stolen from your intranet system can be very costly to your business. Yet your staff can be your best defence. Get them thinking about intranet security every day by not making it a dull, boring subject – but turning it into an engaging discussion that employees can understand and implement easily.