How to keep an enterprise intranet secure in the remote work age
Hybrid working will define the future of business. As we transitioned to remote work in 2020, business priorities overtook cybersecurity concerns to ensure we could all continue to work productively. Now is the best time to review security systems and learn from Unily's security experts what employees and enterprises can do to keep your intranet secure in the remote work age.
Intranet security tips for remote work
Malware. Ransomware. Trojans and worms. The world of cybersecurity can be daunting for employees.
Technical terms and even more technical processes make it difficult for users to understand the behind-the-scenes lines of defense that underpin their intranet.
This lack of understanding is dangerous, as personal information and enterprise data are all fair game to cybercriminals. To protect your intranet in an age of remote work, we all must work together to make systems and people secure.
To make things simple for employees and offer best practice to organizations, we’re offering our top tips from the security experts here at Unily to keep you and your intranet secure while working remotely.
3 enterprise intranet security tips for employees
Employees may think intranet software security is best left to IT departments, but they have an important role to play in keeping data secure.
"People are always the weakest part of the chain. You can have the best security in the world, but if someone’s written their password on a sticky note, it’s all undermined."
Diligence, caution, and preparation are key to protecting yourself and your intranet. Below are three tips for employees to help keep their intranet secure as they work remotely.
#1. Only use approved devices
Over 1k insecure devices connect to enterprise networks every day in 30% of US, UK, and German companies, per Kaspersky. 80% of surveyed employees use their personal computers for work, despite over half being provided equipment by their employers.
Mobile device management (MDM) and bring-your-own-device (BYOD) policies let enterprises configure devices with auto-sleep functions and appropriate levels of access. Even still, employees should be mindful of their surroundings, where they store devices, and letting friends or family near them.
"Social engineering, such as when criminals spy on confidential information through shoulder surfing, are some of the most common but easily preventable risks to employees."
#2. User permissions keep everyone secure
"User permissions are a two-way street. They keep you secure by limiting your exposure to sensitive data and they give organizations tools to control access and manage potential threats."
Here Alex summarizes the value of permissions in a sentence. When user permissions are properly maintained, they secure everyone on the intranet. Employees should be mindful not to request access to areas and data that outside of the remit of their role, as users with access beyond what they need could be considered a target for cyber threats.
#3. Your passwords aren’t strong enough
Google report that at least 60% of us reuse passwords across multiple accounts. They also found 543m employee credentials for Fortune 1000 companies circulating on dark web forums, a 29% increase from 2020.
Combatting this requires that employees take password protection seriously.
SOC 2 certified intranets offer two-factor authentication (2FA), so employees should make use of this when setting up their accounts. Passwords should avoid common words like company or pet names and require updating regularly. If approved by IT teams, browser plugins like Keeper that randomly generate, store, and encrypt users’ passwords offer unparalleled login security across accounts.
4 enterprise intranet security tips for enterprises
With employees following best practice and keeping your intranet safe as they work remotely, enterprises now need to ensure that access to your systems and data are kept under lock and key. Follow the four tips below to ensure that your platform and the people that rely on it are safe and sound.
#1. Monitor shadow IT and push users to approved solutions
Between February and May 2020, more than half a million people were affected by breaches in which the personal data of video conferencing users was stolen and sold on the dark web, per Deloitte.
Instead of users relying on tools like Dropbox or Zoom that you may not monitor, modern intranets integrated with third-party systems act as a single hub providing access to approved applications. Remote workers can use this as a gateway to the tools they need, knowing their activity is made safe by measures built into your intranet. At the same time, IT should monitor web traffic logs to identify the use of unapproved applications and push these users back to the safety of your intranet.
#2. Create on-demand training resource hubs
Most employees complete cybersecurity training at some point in their career, but with the added pressure on security that hybrid working poses, it pays to remind people of best practice.
Create a dedicated remote working security site on your intranet and fill it with guidelines, access to training and educational content, FAQs, and social channels to act as a forum for security-related questions. This provides employees with a go-to destination for all security concerns.
#3. Review, test, and adapt security controls
Cybersecurity is an ongoing battle that requires enterprises to constantly adapt their processes to ensure the safety of users and intranet data.
Review servers, devices, and integrated third-party applications that your employees use remotely. Ensure they have key security controls, like full disk encryption, antimalware protection, data loss prevention, and endpoint detection applied. Additionally, testing users with your own phishing emails and fake intranet links helps to determine areas of focus and employees that require more training.
"The reality is that you need to help people protect themselves. Use tools available to you to test people – they may not even know that it’s happening – and run campaigns internally. So, you might do telephone calls trying to extradite information about people, or phishing campaigns that try and trick people into changing their Microsoft 365 password."
#4. Target communications to raise awareness
Phishing campaigns and business email attacks have emerged as key lines of attack throughout the pandemic. PwC revealed that 47% of individuals fall for a phishing scam while working at home, while the number of cyberattacks using previously unseen methods has risen from 20% to 35%.
Raise awareness with staff and offer guidance on how to remain secure, targeting communications in line with emerging threats. Also look to create a ‘single source of truth’ destination for all employees to access remote work support, reducing the likelihood of users being enticed to click on malicious lures. As new cyberthreats continue to appear, targeted communications keep your people aware.
"Firewalls or antivirus cannot be the first defense. Common sense and diligence should always come first."
Enterprise intranet cybersecurity never sleeps
The increased threats to your users and data that remote working pose means your intranet security can never sleep. To find out more about how an ISO/IEC 27001:2013 and SOC2 accredited platform helps keep your enterprise safe, speak to an expert today.