It’s Cyber Security Month! The event, now in its 18th year, has the theme ‘Do your part. #BeCyberSmart.’
A digital workplace is an unrivalled resource for employees to access all the tools and data they need to do their jobs effectively, even when working away from the office. With everything stored centrally in an intranet, access is through one log-in to a single platform. But does this make hacking easier for cyber criminals?
When it comes to corporate security, it’s important to consider factors such as employee error and unauthorised user access. Internal security is just as important as external threats when it comes to data breaches.
Cyber security is at the heart of everything we do here at Attollo Intranet – it’s a consideration in the way we write our code, manage our teams and publish updates to our public content delivery network (CDN). Every piece of functionality we offer is aligned to our core values.
So, as part of Cyber Security Month, we’ve put together five things you should consider with a new intranet.
Who has ownership of my data?
Consider the type of information you’ll be storing with your intranet. What is the significance of it? Is it HR? Just blogs? Highly sensitive information? With Attollo, your data is held by you. You have complete ownership of it.
If you choose a SaaS (Software as a Service) provider, it’s likely that your data will be held on their servers and under their control.
If you choose to cut ties or fail to pay for the service, your access can be turned off. You could end up in court trying to get your data back. If you decide you want to move from your current intranet platform, how do you extract your data and move it elsewhere? A migration job is difficult, as data is not always easily transferable.
With Attollo, your content remains in your Office 365 tenant. Even if you cease working with us (although we’re sure you won’t), your data stays in your control. In this environment, you are fully protected by all the security controls that Microsoft implements on its core platform.
Where is my data?
If you choose to use an external provider to host your data, where is it actually held? It’s important to ask where the servers and data servers are and whether your information is distributed around the world. What happens when your content crosses borders to be hosted in the US, China or India?
Attollo sits on SharePoint and that means it reaps all the benefits of Microsoft 365 Security. With Attollo, the content is hosted in your Office 365 tenant. You agree with Microsoft which locations are acceptable on sign-up.
Who can access my content?
There are two things to think about here: authentication and authorisation.
Authentication ensures that only the people who should have access to your systems can get into them. But this doesn’t necessarily mean blanket access to every area of your intranet.
Authorisation then comes into play to ensure people can only access the area they are entitled to see.
A good intranet should allow administrators to implement permissions which enable or disable access to certain groups, areas or documents. By securing access to confidential or sensitive information, your business can ensure its content is safe.
Attollo offers single sign-on, whereby users choose one complex password instead of several simple ones and are defined in a single authentication platform. This means they need to be synced to an external provider, which can cause delays.
We also offer multi-factor authentication as a key feature so the user must approve the sign-in on their mobile device. Even if a hacker did get the password, they’d need the second factor to access your intranet.
How good are the web development practices of my new intranet provider?
Web solutions should be created to restrict and reduce the likelihood of cyber-attacks. A few of the techniques we deploy at Attollo include:
- Validating user inputs to eliminate the ability to run script injection attacks
- Checking user permissions before allowing access to different content
- Only allowing authorised clients to run services across the internet
- Building automated DevOps processes to reduce human error
Should I provide security training for staff?
In short, yes! Staff should be reminded of the need to choose strong passwords, shown examples of phishing attempts and taught how to safely access data. Ensure your company’s rules on commenting publicly, sharing files and working remotely are widely distributed.
Passwords should never be shared in a public area, such as a forum, even within the intranet.
Need more help?
We can deploy award-winning Attollo Intranet within two days. And have it branded to match your company within a week. Sound good? Give our experts a call today or drop us a line on firstname.lastname@example.org.