Good practices to ensure the security of your Intranet

How can you mitigate risks and enhance the security of your intranet? Nearly 70% of data breaches result from employee errors. What is an intranet, and what potential threats does it pose?

The Intranet is an internal computer network, which is set up within an organization. While it provides an interactive space where employees can communicate and contribute to the corporate culture, it is unfortunately not without risks. There are threats (both internal and external) to the security of these networks.

How can you protect yourself against them? What are the best practices to put in place to ensure the security of your Intranet? Here are some answers.

What is an intranet and what are the dangers?

Let us remind ourselves more precisely what an Intranet is. It is a private computer network used by the employees of a company (or any other equivalent entity), and which uses the same exchange protocols as on the Internet. In many companies, the Intranet is in the form of a website. It allows employees to exchange documents and information in a secure environment, with access restricted to a defined group. By facilitating daily working life, it thus represents the basic infrastructure of an organization's internal communication.

Because of the personal and confidential data it contains, the intranet requires particular vigilance in terms of security, especially since nearly 70% of data breaches can be attributed to errors made by employees, even in the absence of malicious intent. Thus, the three main security risks come from:

  • internal negligence;
  • unauthorized access by users;
  • and accidental exposure to the network.

Overly simple passwords are often the source of cyberattacks and data hacking. And if the server is accessible via a VPN connection from a private computer (a risk increased by the widespread use of teleworking), there is also a risk that the intranet will be targeted by malicious software. Vigilance is therefore required.

On a legal level, the 1978 Data Protection Act requires organizations that maintain data files to guarantee the security of the data processed in them. These organizations are therefore obliged to put in place, particularly through their IT department, a certain number of security measures, such as adopting a rigorous password policy, securing workstations and the local network, and restricting access to the premises where the computer servers are housed.

But other measures can be put in place to secure the intranet.

Preventing risks through the choice of tools

A first level of protection must be ensured by securing the intranet. The installation of a firewall is generally preferred: this is a tool that makes it possible to protect the company's network against unrecognized external access. Other technologies can also be used, such as proxy servers. These are computer hardware components that act as intermediaries in the exchange between two hosts. A proxy server can be a computer, for example: in this case, only the proxy server has access to the Internet. If users on other computers want to access the Internet from the network, they can only do so through a secure connection to the proxy server.

With a Microsoft 365 Digital Workplace, you have a fully secure environment. To ensure protection against malicious intrusions, you can use 100% secure Microsoft 365 extensions like Mozzaik365, which do not host any customer data.

Preventing risks by supervising, monitoring and controlling the use of the tools provided

Reliable protection against viruses and other cyberattacks requires constant monitoring, updating and supervision of the tools available to employees. In this respect, e-mail requires particular vigilance, as it is a place where hundreds of data items pass through every day. Furthermore, the dissemination of a risk culture among employees, coupled with a monitoring mechanism designed to detect the warning signs of hacking, must be at the forefront of the IT department's missions.

One of the major risks to be prevented is Shadow IT, where employees make use of tools and technologies not provided (and therefore not regulated) by the company. This practice exposes the company to numerous security breaches by allowing unknown tools to access confidential data. The fight against Shadow IT must be conducted in a variety of ways, in particular by making employees aware of the security issues and by supervising IT use. Thus, the company must make it clear that no employee should use a tool or application without having asked permission from the IT department.
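
As an added illustration (not part of the original article), the sketch below shows one way an IT department could supervise use for Shadow IT when all outbound traffic passes through a proxy server: it reads proxy log lines and reports, per user, the data sent to services that are not on the approved list. The log format, user names, domains and allowlist are constructed assumptions.

```python
from collections import defaultdict

# Hypothetical allowlist of services approved by the IT department.
SANCTIONED = {"sharepoint.com", "office.com", "intranet.example.internal"}

# Constructed sample log: timestamp, authenticated user, method, host:port, bytes sent.
SAMPLE_LOG = """\
2024-03-04T09:12:01Z alice CONNECT contoso.sharepoint.com:443 18234
2024-03-04T09:13:40Z bob CONNECT files.unapproved-share.example:443 7340032
2024-03-04T09:15:02Z bob CONNECT files.unapproved-share.example:443 5242880
2024-03-04T09:20:11Z carol CONNECT www.office.com:443 2048
2024-03-04T09:21:57Z carol CONNECT notes.sidetool.example:443 512
malformed line without enough fields
"""

def is_sanctioned(host, allowlist=SANCTIONED):
    """True if host is an approved domain or a subdomain of one.

    Matching on '.' + domain avoids treating 'notsharepoint.com' as approved.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowlist)

def unsanctioned_usage(log_text, allowlist=SANCTIONED):
    """Return {user: {host: total_bytes_sent}} for destinations off the allowlist."""
    report = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed records instead of aborting the review
        _ts, user, _method, dest, sent = parts
        host = dest.rsplit(":", 1)[0]  # drop the port
        if not is_sanctioned(host, allowlist):
            report[user][host] += int(sent)
    return {user: dict(hosts) for user, hosts in report.items()}

def top_uploaders(report, threshold_bytes=1_000_000):
    """Users whose uploads to unapproved services reach the threshold, largest first."""
    totals = {user: sum(hosts.values()) for user, hosts in report.items()}
    flagged = [user for user, total in totals.items() if total >= threshold_bytes]
    return sorted(flagged, key=lambda user: -totals[user])

if __name__ == "__main__":
    usage = unsanctioned_usage(SAMPLE_LOG)
    for user, hosts in usage.items():
        print(user, hosts)
    print("follow up with:", top_uploaders(usage))
```

The output is a starting point for a conversation with the employee and for deciding whether the tool should be approved or blocked, in line with the permission process described above.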

Finally, limiting access to sensitive data should be a priority for the IT department. It is likely that the majority of employees do not need access to the entire company data system in the course of their daily work. Restricting sensitive data to only those who need it therefore reduces the risk of a third party accessing and exploiting the data.

Training employees in good practice

As we have seen above, the main risk in IT security is human error. This is why users must be trained in good practice. Even more importantly, they need to be made aware of the risks associated with the use of IT tools and the use of unregulated software, tools and applications (Shadow IT). To do this, you can implement an Information System Security Policy (ISSP). This is the document that governs the IT security strategy of your company. Inside it are the security rules and the action plan. What is the objective? To maintain a high level of information security. All documentation is formalized by the Information Systems Security Manager (ISSM). You can find certification guides to help you in your approach.

This awareness-raising can take various forms: sending emails or practical information sheets, collective posting, face-to-face training, etc. It can also be formalized in a document such as the "IT Charter". This document will specify the rules to be respected in terms of IT security and must be accompanied by a commitment of responsibility to be signed by each user. This document must be accessible to all employees.

Implement a crisis strategy to respond immediately to problems

The word "crisis" comes from the Greek word "Krisis", which means the moment when a condition reaches its critical point. Today, the word is used to describe a difficult period for an individual or a group, as may be the case during a cyberattack. According to the French National Authority for Information Systems Security (ANSSI), the number of cyberattacks had quadrupled by 2020. And these events have a considerable cost: Hiscox estimates their average cost at €5,200. Indeed, a cyberattack generates various direct and indirect expenses. Direct costs include regulatory compliance, public relations, improving existing systems, etc. The disruption of activities and the loss of confidence are indirect costs that may affect the company's results.

Anticipation of these periods of crisis is essential for an optimal response. There is no question of reacting entirely spontaneously in this area, at the risk of making serious mistakes.

Thus, crisis management is always prepared before the triggering event. The company's management must, in close collaboration with the IT teams, plan the various crisis scenarios and the responses to be made. These teams must be prepared and trained in crisis management, according to the risks deemed most likely. Such simulations allow them to learn the techniques and procedures, but also to correct any flaws in the responses to security problems.

Finally, when a crisis occurs, it is important to recognize it for what it is: a sudden event that disrupts the normal functioning of the company.

Conclusion

Although intranets have many advantages, particularly in terms of managing internal communication and team cohesion, they are nonetheless vulnerable to cyber attacks. However, the risks inherent in them are not inevitable: by putting in place certain good practices, such as choosing the right tools, supervising computer use and raising employee awareness of security issues, it is possible to protect against them effectively.

Things to remember



📌 Anticipate risk with the right tools;
📌 Use supervision to limit Shadow IT;
📌 Educate your employees;
📌 Plan a crisis strategy.

