Remote working is laden with benefits for companies and employees alike. But employing a remote workforce isn’t immune to its own set of problems, and intranet security is among the top concerns. Corporate security is enough of a challenge when company secrets remain, for the most part, confined within physical office spaces. When employees bring their work home, this creates a thousand new opportunities for security to become compromised.
As we always say, technology is the real catalyst that makes remote work possible, and there are ample tools available to help you manage security with a remote workforce. These tools combined with intranet security best practices will help your organization drastically reduce the risk of compromised security. We’ve compiled a list of our top ten working from home security tips: five that fall under the responsibility of the employee, and five that can be implemented by the company.
Why intranet security is important
Today’s digital workplace is a singular hub through which employees can access all the tools and information they need to do their job. Everything from emails to data is stored in a cloud-based internal network that employees can easily access with one login. While this cuts down on wasted time for your workforce, it means that hackers and cyberthieves only have to gain access to a single entry point in order to view your entire organization’s data.
Common internal and external threats
Of course, hackers and cyberthieves are a major threat to corporate security. But there are many other intranet security threats that companies need to protect themselves against – both internal and external. For example, close to 70% of data breaches can be attributed to employee error, whether or not malicious intent is involved. In fact, the top three causes of compromised security are considered to come from internal negligence; unauthorized user access and accidental web exposure are also among leading sources.
With this in mind, it’s important to keep your intranet security as guarded from the inside as it is from the outside. Proper training and precautions can help significantly reduce the chance that internal threats will lead to a compromising security breach.
5 ways remote workers can participate in intranet security
With the knowledge that employee error causes most data breaches, it’s imperative that employees take an active role in managing intranet security. These measures should be communicated with thorough training to explain the importance of security and clearly establish expectations.
At the same time, make sure you’re not creating a culture of blame that makes employees afraid to report potential breaches. Intranet security for remote workers should be a collaborative approach in which everyone takes a role. Mistakes will happen; the idea is to minimize them through better awareness.
1. Set up a secure home network
When employees work from home, they have to use their home Wi-Fi network to connect to the company intranet. These networks are typically much less secure than office networks for many reasons. First, employees sometimes set weak passwords for their network or neglect to password-protect their network at all. There’s also the potential concern of other family members connecting their own devices and opening a door for hackers.
For example, a child’s gaming console could be a weak point for a cybercriminal to gain access to the entire home network and anyone connected to it. One possible workaround is for employees to create a separate network for their work devices, which can be done with most modern routers.
Companies should communicate minimum expectations for home network security, such as password strength, whether a separate network is required, and whether a VPN should be used. Alternatively, some companies may choose to supply their employees with secure mobile hotspots to avoid using home networks in the first place.
2. Set strong passwords (and change them regularly)
Password strength is one of the best ways for employees to protect data security. While companies can automatically set minimum standards for intranet passwords, such as a minimum number of characters or the use of special characters, it’s up to the employee to use them responsibly. For example, employees shouldn’t reuse passwords they use for other logins and should change their passwords every few months. While remembering these passwords can be difficult, make sure you remind your employees not to use password managers without running them by IT first.
3. Beware of phishing scams
Since remote employees communicate primarily via digital methods such as email and instant messaging, phishing is a major risk. Hackers sometimes impersonate company leaders and send employees messages containing malicious links or asking for secure data. Employees should be made aware of the warning signs of phishing and should never click a link, open a file, or respond to a message without confirming the sender’s identity. If the email address comes from a non-company domain, there’s a good chance it’s a phishing attack.
4. Secure devices physically
When taking steps to protect intranet security against virtual attacks, companies often forget that physical theft is also a threat. Employees should never leave work devices like laptops or smartphones unattended in an unsecured location. For example, devices should never be left in plain sight in a parked car, whether locked or unlocked. If the employee leaves devices at home, doors should always remain locked.
5. Only use company-approved devices and apps
Employees sometimes find that company-provided technologies aren’t sufficient and instead decide to innovate their own solutions. This practice, known as shadow IT, opens the company up to intranet security vulnerabilities by granting unknown apps access to sensitive data. Employees should never use a device or app without first asking for permission and having the technology vetted by IT. Even checking company email from an unsecured personal device could be an opportunity for a data breach.
5 ways companies can facilitate intranet security
1. Establish a company-wide security policy
Your company may already have a security policy in place, but has it been updated to address intranet security for remote workers? Take the time to review your policy and make sure it reflects employee expectations while working from home, approved devices and technologies, and a clear process to immediately report potential breaches without fearing retribution. The policy should also outline steps for a rapid response to limit exposure if a breach does occur.
2. Stay on top of updates
Software developers regularly release updates as they identify emerging threats and security vulnerabilities. For example, Microsoft issues dozens of updates every month for everything from its operating systems to its digital workplace tools. However, companies must install these updates in order to stay protected. Make sure you’re checking for updates regularly or, better yet, setting them up to be installed automatically.
3. Use mobile device management software
Mobile device management (MDM) software is a type of software that allows employers to track and retain control over company-issued devices such as smartphones and laptops. This plays a vital role in intranet security for remote workers by providing a variety of functions such as restricting access to harmful sites, managing security updates, and remotely locking and wiping devices in the event that they are stolen or an employee parts ways with the company. Some companies install MDM software on employees’ personal devices if they are allowed to use these devices for work; if this is the case, the employee should be informed and consent to the installation of such software.
4. Limit access to sensitive data
There’s a good chance that the vast majority of employees in your organization don’t need access to the company‘s entire data system. An important step in establishing intranet security best practices is limiting access to sensitive data only to those who require it. By restricting this information, you’ll reduce the chance that someone with bad intentions can access and potentially expose private data.
5. Keep things simple
Employee participation in intranet security is a key step to protecting sensitive data. But companies should strive to make security management easy and simple for employees. Individuals with low digital dexterity are particularly susceptible to feeling frustrated or overwhelmed by complex tasks, such as configuring their home Wi-Fi network or setting up intricate software. Overly complicating things increases the chance that remote workers will ignore security measures entirely, opening themselves up to vulnerability. Try to automate and manage security remotely whenever possible and leave employees with a short list of clear and simple actions to take.
Managing intranet security for remote workers doesn’t have to be complicated. This list of working from home security tips is a good place to start, but is your intranet doing the heavy lifting for you? Powell 365 is an intranet solution that helps you leverage the best of Office 365 security solutions with multi-factor authentication, automatic logout, governance, and more. Schedule a demo to ask our team how Powell 365 will protect your company’s sensitive data.