As the central repository for sensitive information and documents in your organisation, securing your employee intranet from unauthorised access and cyber attacks should be a top priority. With the increasing frequency of attacks from malicious actors, cybersecurity is now the top priority for CIOs in 2023 (according to Gartner). Only recently, Reddit was compromised via their intranet after an employee gave away their login details as a result of a spear phishing attack. To minimise the risk of security breaches, here are some tips:
Keep Active Directory Permissions Up to Date
Active Directory (AD) is a Microsoft solution that manages user accounts and their respective permissions. Controlling and managing user access to various resources such as folders, files, and applications is crucial to safeguarding your intranet.
To reduce the risk of data breaches, access should be limited only to areas related to each employee's role and responsibilities. Updating Active Directory when employees change roles or leave is critical to revoke their permissions and avoid potential threats.
Enforcing strict policies for creating, updating, and deleting accounts, along with strong password policies, can also enhance protection.
Learn more about Active Directory and how to connect your HR platform for a more seamless experience.
Leverage Microsoft Security
The technology powering your intranet plays a vital role in determining its vulnerability to attacks. Utilising the capabilities of Microsoft, such as Injio SharePoint Intranet, provides a range of features that can enhance security. Microsoft has robust security credentials and offers enterprise defense suites for detection and protection, such as Microsoft 365 Defender, which coordinates with a large range of products and services including Microsoft Defender for Endpoint and Microsoft Defender for Office 365 to provide top tier protection.
You can use Microsoft’s Multi-Factor Authentication (MFA) to require users who sign into their account for the first time on a new device or app (like a web browser) to use more than just a username and password. While this extra step may be a little frustrating for employees, this adds an important safeguard.
You can also use SharePoint to create groups based on permission levels. Unlike an AD group, when you create a SharePoint group, it will only be available within the site where it's been created. This can be effective for managing user permission levels in your intranet such as editing, sharing and access levels. In addition, you can use SharePoint to manage the types of devices that can access SharePoint data (more options are available within the admin centre, but this may rely on an Azure subscription), providing extra layers of security and control.
Access control can include:
- Restricting access from devices that aren’t compliant or joined to a domain
- Automatically signing out users from inactive browser sessions
- Allowing access only from specific IP addresses
- Blocking access from apps that don’t use modern authentication.
SharePoint audit logs can also be used to monitor activity across your intranet giving you visibility on which files and folders employees are accessing. This is a great way to identify perpetrators if files are going missing or if they’re being mislabelled.
Educate Employees on Cybersecurity Best Practices
People are often the weakest link in security, making it crucial to educate employees on potential threats and best practices. Incorporating security training into employee induction and regularly updating it to include the latest threats can help raise awareness. Use your intranet to upload training materials and policy attestation to track completion.
Protecting Your Digital Workplace
With the right tools and systems in place, protecting your intranet (and greater Digital Workplace) from security threats is achievable. Don’t hesitate to reach out if you would like more guidance on how to keep your intranet secure.