We’re often warned and reminded about how to prevent cyber security attacks, look out for phishing emails or make our personal accounts as secure as possible. Do we proactively think about this with our internal systems and intranet? While IT teams may be on the ball, there are certainly ways that wider teams can ensure they play a positive role in keeping internal systems secure. In this article, we have highlighted five intranet security best practices to lay the foundation for safe and responsible communication with employees.
Build a secure home network
With so much of the global population working away from offices, whether they’re hybrid, deskless or remote workers with mobile access to company platforms, external wifi networks need to be secure. Employees working from home in any respect will be accessing your intranet through their home wifi network, but if they are on the move, they may use free public wifi networks to connect. These are less secure than those used in offices, and so there should be some clear security measures and rules on how to access the intranet and other work-related systems when away from an office.
Encourage regular updating of strong passwords, with complex number, letter and character combinations as an extra layer of security in case anything infiltrates the less-secure wifi networks. If your company doesn’t already use a digital password manager, consider implementing one that will securely store all your different passwords. This saves on having to remember a whole host of strong passwords, and therefore mitigates against employees using the same password to access everything.
Single Sign-On (SSO) can also help speed up logging into multiple third-party sites, including your intranet, keeping both your internal and external data secure.
Create intranet usage policies
In the same way that other policies are created to keep data secure and ensure employees act responsibly when doing their job, an intranet usage policy is a great way to lay out your rules of engagement and guidance on security best practices. Make sure all of your employees at all levels know that data security is top priority for everyone in the business and is everyone’s responsibility, not just IT’s.
Consider how employees access your systems. For example, should every employee have an approved device to access systems such as your intranet? Perhaps they have an employee app on personal devices which requires extra verification such as two-factor authentication when setting up the app.
Your policy on intranet security best practices could also remind colleagues of the company’s stance on secure wifi connectivity, such as whether public wifi is forbidden when accessing company materials or other sensitive information. This can be discussed with your IT team for a universal approach across internal and external activity. With their support you can identify the best way to take action and communicate this to avoid employee error or negligence through unauthorised access to systems or networks.
Keep track of who has read your policies on intranet security best practices by requiring a digital signature or confirmation of comprehension within your intranet.
Restrict access
Segmenting your intranet users based on their job role, department and their level of involvement in updating the intranet using access controls will help to protect sensitive information.
Intranet managers will require full access in order to ensure the intranet runs as it should with up-to-date information in the right areas. Granting permissions to specific groups of people will ensure a less overwhelming intranet experience as well as reducing the risk of individuals seeing sensitive information they don’t need to see. Streamlining users based on authorised and unauthorised access to each area will in turn reduce the risk of potentially sensitive information being leaked, accidentally or otherwise.
With tailored access controls, most intranet users should simply be able to add posts to shared areas, access resources related to their job, see quick-links for third-party apps and engage with others’ posts. Setting rules for who can edit, add, remove and rearrange content will reduce risk of internal and external information being in the wrong hands.
Secure third party integrations
Modern intranets can allow you to integrate third-party applications for ease of access to all of the platforms your people may use day to day. The user experience is significantly improved when they have all of their daily tools in one place, but be mindful that the more you open your intranet up to, the greater the security risk.
Most third-party integrations should come with their own end-to-end security measures and processes. API-based integrations must have secure endpoints so that private data about your intranet or employees is not exposed. Adding these to your intranet security best practices checklist could save a lot of headache further down the line.
Choose a modern, secure intranet
The concept of keeping internal and external tools secure and training employees on security best practices may sound like a mammoth task, but a lot of it is already ingrained in your business practice.
Getting your IT colleagues involved in discussions around creating a secure intranet is a great start. They will likely have the knowledge of your company’s existing data security measures which can be aligned with those of your internal communications solution.
Oak’s intranet solution is accredited with ISO 27001 for information security management and is Cyber Essentials Plus Certified. As a Gold Microsoft Partner, our platform has security equal to that of everything hosted by Microsoft too. This three pronged certification proves our dedication to adherence to providing you with a secure intranet. This means you can be confident that you are benefitting from intranet security best practices from the outset.
The additional features such as strong passwords, limiting access controls and development of intranet usage and access policies will support your intranet security measures. This should give you peace of mind that your people can safely access and engage with your internal comms, and you can confidently store sensitive information in one secure place, so those who need access, can get it with ease.
To find out more about how you can integrate a modern intranet with your existing practices without compromising on security, get in touch and our team will reach out to arrange a chat or a demo.