But a common misconception is that threats such as data breaches all focus on your external cybersecurity footprint.
We imagine a protective bubble around internal systems because we focus so much energy, time and money on risk management of an external security posture. However, assuming that an internal, private network is secure from a cyber breach is a mistake that can cost a company millions.
When it comes to cybersecurity, the question your IT team might be missing is: How safe is my corporate intranet?
Table of contents: Intranet security considerations
- Why intranet security matters for risk management
- 10 intranet security considerations & best practices
- Download the Intranet Security & Trust Checklist
Let’s get started!
Why intranet security matters for risk management
It seems that with each passing day, bad actors get more sophisticated in their approach to data breaches and data exfiltration.
- Data breach (break in): Unauthorized parties gain access to confidential data (break in) like bank account information and Social Security numbers.
- Data exfiltration (take out): Unauthorized parties gain access to an individual’s or company’s data on a computer or server and copy, transfer, or retrieve it.
In February, Reddit experienced an intranet breach and exfiltration. The incident began with a sophisticated, targeted phishing attack that led the victim (a Reddit employee) to a spoofed website imitating the company’s internal intranet hub. The hacker was in as soon as the victim entered their password and two-factor authentication (2FA) code. Yes, corporate data was compromised during this incident.
This incident prompted researchers at WhoisXML API to look into intranet-themed lookalike domains that could be used for the same method as the Reddit attack. In the first three months of 2023, they found some large red flags:
- More than 800 cybersquatting domains target some of the most popular intranet service providers in the country. Less than 1% of these rip-offs had anything to do with the victimized service providers.
- More than 200 domains with the word intranet were added to the list in the first quarter of 2023 — with 3.4% flagged as malicious.
- 60% of intranet domains had publicly hosted (and accessible) login pages.
The recent Reddit intranet breach wasn’t the first and won’t be the last time an internal IT network experiences a cyber hack. Remember the massive ransomware attacks that targeted casino giants MGM Resorts and Caesars Entertainment in September?
Your reputation rides on the cybersecurity footprint of the third-party vendors you partner with. But the latest data is a grim reminder of the threats we face:
- The average cost of a data breach is $4.35 million, according to IBM’s latest Cost of a Data Breach Report.
- Cybersecurity Ventures forecasts cybercrime costs to grow 15% year over year through 2025 — reaching $10.5 trillion. Yes, with a “t.”
- Companies fall victim to a ransomware attack every 11 seconds, according to Cybersecurity Ventures.
There is no question the attack surface is widening. From remote employees and shadow IT to bring-your-own-device (BYOD) policies and an increase in phishing, intranet security requires proactive, consistent vigilance to mitigate cybersecurity risks.
The attack surface is widening, and the risks are higher. Can your corporate intranet withstand this kind of pummeling?
Want to learn more? Check out Verizon’s 2023 Data Breach Investigations Report (DBIR).
10 intranet security considerations & best practices
To manage these risks, evaluating the security protocols of a current or potential intranet site requires some due diligence. The time you spend is always worth the effort. Ten of the most critical considerations and best practices to follow include:
1. Risk reduction with a unified platform
A unified intranet platform like Simpplr combines various aspects of internal communication, collaboration and data management under one cohesive umbrella. Centralizing data storage allows tighter access controls, encryption and comprehensive monitoring. There are fewer points of attack when intranet, native video, digital signage, newsletters, surveys and mobile apps are all on one platform.
2. Certified secure coding practices
Aligning backend development with recognized secure coding standards is a crucial intranet safeguard and best practice. Simpplr developers follow industry-recognized standards and guidelines (OWASP, SANS) and actively work to mitigate common vulnerabilities such as SQL injection, cross-site scripting (XSS) and authentication flaws that could jeopardize intranet security. Moreover, Simpplr’s SDLC incorporates rigorous processes for review, testing and patching.
3. Independent security ratings
Be careful that your intranet vendor’s security isn’t self-declared. A best practice is to look for neutral, third-party assessments from services like BitSight and SecurityScorecard to regularly evaluate intranet security protocols.
Simpplr has the highest security ratings among these independent risk management companies and remains committed to evolving security safeguards to continue critical best practices.
4. Audited compliance certifications
Selecting an intranet provider that adheres to robust compliance certification by independent auditors is crucial and an intranet security best practice, especially if your organization deals with sensitive data or operates in a highly regulated industry like banking or healthcare.
Simpplr maintains ISO 27001 and SOC 2 certifications (not just for subprocessors like AWS but for Simpplr itself), which require annual audits.
- ISO 27001 is an internationally recognized standard for establishing, implementing, maintaining and continuously improving security protocols.
- SOC 2 certifies the effective operation of those policies and procedures. That is, a SOC 2 audit certifies they are in use and working to provide data security, availability, integrity and privacy at a service vendor.
Additionally, Simpplr complies with or participates in:
- TRUSTe Data Privacy Framework (DPF) verification (which requires an audit)
- TRUSTe Dispute Resolution
- HIPAA compliance for healthcare
- 23 NYCRR Part 500 readiness for financial services firms
- GxP compliance for the biotech, pharmaceutical and life sciences fields
5. Enterprise-level encryption
Data encryption encodes information so that it is unreadable without the decryption key. It ensures that even if malicious actors intercept the data, they cannot decipher it without the key. During transmission, information is protected by Transport Layer Security (TLS), the successor to the now-deprecated Secure Sockets Layer (SSL); modern software should rely on TLS alone. Data also needs to be encrypted while it’s at rest.
Characteristics of enterprise-level encryption include:
- End-to-end data encryption both in transit and at rest.
- Centralized secrets management for storing and rotating decryption keys.
- Certified cryptography. FIPS 140-2 Level 3 certified cryptographic modules.
- Secure algorithms and protocols. Look for AES-256 and an application that mandates TLS 1.2 or above.
Simpplr protects client data with strong encryption to prevent unauthorized access.
6. Single Sign-On (SSO)
Single sign-on (SSO) is a best practice because it serves as a critical security requirement: it ensures employee compliance with strong password policies. SSO reduces password fatigue and is usually coupled with multi-factor authentication (MFA).
Externally, SSO is a crowd-pleaser; employees enjoy one easy login for all their intranet activities. But behind the scenes, SSO is hard at work offering a central repository for login activities, which enhances security incident detection — and your response. Administrators can remotely log out users or invalidate sessions if they detect suspicious activity.
Simpplr integrates with any SSO system or identity provider that supports SAML 2.0 or OAuth 2.0/OpenID Connect (OIDC), such as Active Directory, Okta and hundreds of other solutions.
7. Role-based access control
Role-based access control (RBAC) manages user permissions by assigning each user roles based on their organizational responsibilities. Each role carries a predetermined set of permissions. RBAC — a critical safeguard against misuse of business-critical data — is founded upon:
- Principle of Least Privilege (POLP) puts end-users on a need-to-know basis related to how much data they can access in your IT infrastructure. POLP intranet safeguards regulate end-user access to the minimum levels needed to perform specific, authorized tasks.
- User permissions are the foundation of access control within an intranet site. These security protocols specify what actions an end-user can conduct, what data they can access, and under what conditions. User permissions can apply precise granular controls essential for maintaining data integrity.
Role-based access control is a crucial intranet security best practice because it streamlines access management by grouping end-users with similar needs.
Simpplr’s RBAC is a secure intranet feature that regulates access by defining employee roles such as “administrator,” “application manager” or “site manager.” Permissions are determined by the function and user, simplifying access management and improving security.
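The RBAC model described above, as an added example that is not Simpplr’s code: a default-deny authorization check built from the role names quoted in the article, a scope condition (a site manager edits only the sites they manage) and a least-privilege review that flags permissions a user’s roles grant beyond their authorized tasks. The permission strings, the “employee” role, the `managed_sites` scope and the mapping itself are constructed for illustration.

```python
# Added example (not Simpplr code): minimal default-deny RBAC with a scope
# condition and a least-privilege review. Role-to-permission mapping is hypothetical.
from dataclasses import dataclass
from typing import FrozenSet, Optional, Set

# Each role carries a predetermined set of permissions (constructed mapping).
ROLE_PERMISSIONS = {
    "administrator": {"user:manage", "site:create", "site:edit", "site:view", "audit:read"},
    "application manager": {"site:create", "site:edit", "site:view", "audit:read"},
    "site manager": {"site:edit", "site:view"},
    "employee": {"site:view"},
}

# Roles whose site:edit permission is not limited to particular sites.
UNSCOPED_EDIT_ROLES = {"administrator", "application manager"}


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]                        # assigned from organizational responsibility
    managed_sites: FrozenSet[str] = frozenset()  # scope condition applied to site managers


def permissions_for(user: User) -> Set[str]:
    """Union of the permissions granted by the user's roles; unknown roles grant nothing."""
    perms: Set[str] = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user: User, action: str, site: Optional[str] = None) -> bool:
    """Default-deny check: the action must be granted by a role, and site:edit is
    further limited to the user's own sites unless an unscoped role applies."""
    if action not in permissions_for(user):
        return False
    if action == "site:edit" and site is not None:
        if not (user.roles & UNSCOPED_EDIT_ROLES) and site not in user.managed_sites:
            return False
    return True


def excess_permissions(user: User, required: Set[str]) -> Set[str]:
    """Least-privilege review: permissions the user's roles grant beyond the tasks
    they are authorized to perform. A non-empty result suggests a narrower role."""
    return permissions_for(user) - required
```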
8. Data recovery and mitigation
Data recovery capabilities minimize downtime and ensure business continuity.
From natural disasters to ransomware, IT departments — and the vendors they partner with — must prepare for the risk of an unexpected threat that could disrupt their IT infrastructure.
Unified data platforms like Simpplr often include data backup and disaster recovery features, ensuring that critical information is protected and can be quickly restored after a cybersecurity incident or other unexpected event.
The foundation of Simpplr’s disaster recovery plan includes geographically separate primary and secondary servers. Simpplr conducts real-time replication to disk at each data center and near real-time replication to disaster recovery centers. This kind of production-driven data center architecture lessens the risk of single points of failure across the entire IT infrastructure.
From an end-user perspective, efficient data recovery is a best practice because it ensures end-users can recover previous data versions to resume business as usual and for auditing and compliance purposes.
9. Data reliability, performance and availability
Data reliability means that the data is there when you need it. From an infrastructure perspective, Simpplr ensures data reliability as well as performance and availability via the following:
- Multiple data centers with failover support. Network infrastructure is built around multiple physically separated and isolated data centers, called availability zones, which are connected with low-latency, high-throughput and highly redundant networking. Application services, file storage and databases automatically fail over between data centers without interruption.
- Backup and restore. The database infrastructure saves automated backups of the entire database instance rather than individual databases. Instances can be restored if the source database instance fails.
- Replication. The database instance uses built-in replication functionality to create a special type of database instance called a read replica from a source database instance. Updates made to the source database instance are asynchronously copied to multiple read replicas. Simpplr can promote a read replica to a standalone instance if the source instance fails.
- Load balancing and scalability. Load balancers reduce the load on the source instance by routing read queries to the read replicas. Using read replicas, Simpplr can elastically scale out beyond the capacity constraints of a single database instance.
10. Security scalability
The scalability of your intranet security is critical for keeping pace with your workforce, evolving technology and cybersecurity threats. As businesses grow, they need to accommodate more users, devices and applications on their intranet, and their security best practices must scale with them.
As a cloud-based intranet provider, Simpplr is infinitely scalable. The Simpplr architecture allows the system to add applications, databases and web servers as end-users increase. What’s more, their secure physical facilities have guaranteed service uptime and bandwidth — suitable for companies in hyper-growth mode.
Download the Intranet Security & Trust Checklist
Want more key intranet security features? Download Simpplr’s Intranet Security & Trust Checklist.
How Simpplr can help
Simpplr offers companies an unparalleled security-first IT infrastructure for corporate intranet services. They incorporate secure development best practices into every phase of the software development lifecycle — from design and coding to testing and deployment. Simpplr developer and cybersecurity teams maintain detailed documentation of secure coding practices and frequently undergo third-party audits or assessments to validate adherence to intranet security best practices. Simpplr’s SLAs back up these underlying promises to customers worried about the vulnerabilities of their internal networks.
Risk management of your IT infrastructure is a full-time job. Simpplr’s intranet safeguards continue to maintain the highest level of security protocols to protect their clients from data breaches. Request a demo to learn more.