If your organisation stores data online, recent headlines have surely got you scrambling to make sure your security is in tip-top shape. Designing intranet security has always been a matter of keeping the virtual doors and windows locked up tight. However, balancing the need to share and collaborate with managing the sensitive data needs to be well considered.
Who would have thought ten years ago that so many workplaces would be storing their information online? Even some client-facing roles have shifted into the digital space permanently. Entire relationships, from consultations to workshops, are happening via video chat. And with this incredible shift to hybrid and digital workplaces, so much more data is now stored online.
Once upon a time the intranet was barely more than a shared drive in the cloud, home to documents, templates, and files. Your team would log-in from their in-office computers, uploading and downloading things as needed. However, as employees are joining the organisation from geographically diverse locations, intranets have had to become more sophisticated. Now intranets are an online office, a hub for team members to gather. Here they collaborate, read company updates and share community celebrations, and access the tools they need to do their jobs.
With this international migration of data and information online, protecting what is stored and shared across your intranet is now critical. Consider what is uploaded; emails, contracts, personal details, financial information, policies and procedures, and so much more. And your employees must access all of it to get their work done. How can you ensure that when they log in that they’re not vulnerable to online threats and scams?
Modern intranets are cloud-based and require personalised logins for each employee. The strength of this login process will determine how vulnerable your intranet is.. Many organisations believe that they are too small for their data to be of value. But the price of personal data – even names, email addresses, and phone numbers – can fetch a high price from the wrong people. Regardless of your organisation’s size, you owe your employees and clients robust intranet security.
There are lots of intranet security threats that organisations need to protect themselves against, both internal and external. Unfortunately, a significant percentage of data breaches are due to employee error. This could be because they’ve only got a simple, one-step login process. It can also be attributed to external devices (with low security) being connected to the secure network. Additionally, they could be oversharing details (regardless of intent) outside of the organisation, on LinkedIn or other social networking sites.
Therefore, it’s vital to design intranet security and thoroughly educate your employees. Proper training and taking extra precautions can reduce the chances that negligence or accidents will result in a significant security breach.
Modern intranets are usually designed with added security measures to prevent unauthorised access. You may already be using some, such as multi-factor authentication – username/password, and a unique code sent to another device/account. You may also encrypt data, especially when it’s being sent out to employees or clients. At Propelle, we help organisations develop top-tier SharePoint intranet security. Below are some of the tried and tested techniques that we use ourselves to keep our clients and team safe.
Regardless of whether your workforce is based from an office or home, this is a big point. Home Wi-Fi networks are typically less secure than office networks, but in both scenarios you should explain (face-to-face and in writing) your expectations. Emphasise the importance of strong passwords that have a mix of letters, numbers, and symbols. Passwords should be changed regularly, ideally every 90 days, and must never be shared with anyone outside of the organisation.
For remote workers, get your employees to ensure others cannot sight these passwords or access company information. You may also ask your employees to use a separate network or the company’s VPN when they are connecting to the intranet. You may need to provide step-by-step training on how to use these.
Employees keep in touch with each other online in multiple ways, mainly via email or instant messenger apps. Hackers are aware of this and have created scams where they impersonate people from the company with closely matching email addresses. They can then request confidential data like client details, financial information, or even logins. The way to combat this is with education, ensuring your employees are aware of current and emerging scams. They should always verify that the correct email address is being used (spelling, formatting, etc.). If in doubt, they should contact the supposed sender via another method. If it’s an email, head over to their desk, give them a call, or IM to check if they really sent the suspicious message.
This awareness starts with implementing security procedures, including what happens if they think they’ve fallen for a scam. With your in-house IT team, or with a trusted IT partner, develop a company-wide policy that explains the next steps. This will likely include alerting their manager and the IT department so that heightened vigilance and lockdown measures can occur.
We understand that the purpose of the intranet is for employees to access everything they need. However, this doesn’t mean that every employee or external contractor needs access to everything. Compartmentalising who has access to things means that you’re minimising risk and can keep track of who is using what.
Teaming up with an experienced IT partner is the first step to high-end SharePoint intranet security. Propelle has helped organisations across Australia and internationally protect themselves and their people. Our consultants have experience across a multitude of industries and bring a unique perspective to the types of threats your organisation may face. When you want to design SharePoint intranet security that works, Propelle is here to help.
© 2024 Propelle Pty Ltd
