Intranet security isn’t always taken as seriously as it should be. Many organisations assume that because it’s an internal network, it’s safe from external threats. Or that cyber attacks only happen to big businesses. But this is a big mistake! Not only is a corporate intranet still vulnerable to external threats but it’s even more at risk of internal threats. And over a third of cyber attacks are now happening to small to mid-sized organisations! Let’s take a look at a few of those in more detail.
External Security Threats
Although most security vulnerabilities are caused by internal threats, this doesn’t mean that external threats shouldn’t be taken seriously. Here are some examples of external threats to be aware of.
A network attack is an invasion of your network: the attacker will analyse your environment, gain unauthorised access to information and exploit any existing vulnerabilities you might have. But you will be pleased to know there is a way to prevent this. The best form of protection is a network-based intrusion prevention system (IPS). An IPS can be put in place to oversee network traffic and to detect and prevent recognised threats and attacks. It targets any applications which may be being used to gain control of a network or machine.
There are times when your intranet might encounter suspicious traffic. This can include things such as phishing, spam, malware and adware. The most effective way of blocking any suspicious traffic from entering your network is to deploy an effective email filter and firewall. Email filters work to prevent the threat reaching your inbox. They test any attachments in a safe environment, which prevents ransomware or malware from infecting your network. Firewalls integrate with your email filter and antivirus to give you combined threat protection.
Internal Security Threats
Internal security threats can pose a huge risk to corporate intranets. Aside from deliberate attempts at security breaches, there are many unintentional mistakes made by employees which could lead to security issues.
Make sure the users of your intranet are clued up on good password practice. Your network administrators need to emphasise how important it is for users not to choose weak passwords (personal details are not a good choice!), write their passwords down anywhere physically, share their password with anyone else or go without ever changing their passwords. Ensure your system administrators set password expiration dates, lock accounts after an agreed number of attempts and train any new employees on your password policies.
A key part of intranet security is making sure the right employees have access to the relevant information. For example, an employee in your marketing department shouldn’t have access to sensitive HR and payroll information. You can have permissions set up on your corporate intranet either by job title, location or department. Access permissions must be reviewed on a regular basis! This is crucial as people who have changed job title, or even more seriously left the business entirely, should not be able to access sensitive information.
Bring Your Own Device (BYOD)
With the need for mobile working increasing, many organisations operate a BYOD policy. BYOD can come with a number of security risks. The biggest concern is that if an employee loses their device, or it gets stolen, company information could be accessed with ease. This could have great legal implications, especially if sensitive client information was accessed. Here again, good password practice plays a key role. Your IT department should also implement remote wiping, so that as soon as they are aware that the device could be in the wrong hands, they can wipe it to reduce the chance of a data breach. In addition, all personal devices should have up-to-date antivirus software.
Most internal risks to your corporate intranet can be prevented by ensuring you have the right protection software in place and also by educating employees. Train every employee on how to send and share documents, search safely and store data safely. Investing in training early on can prevent costly data breaches further down the line.
If you need more information on best practice for intranet security, or if you’re thinking of deploying a new intranet into your organisation and have some questions, get in touch with one of our consultants.