The Ultimate Guide to Intranet Security: Best Practices, Threats & Solutions

Lisa Ardill

Content Editor at Workvivo

29 Jun 2024

Company intranet security breaches can lead to significant financial losses. Learn how to keep your intranet secure with this expert guide.

An intranet is a private network accessible only to an organization and its staff. You can think of it as a ‘private version of the internet’ where employees can create content, communicate and collaborate.

What is intranet security?

Intranet security refers to the measures and policies organizations put in place to protect their internal network – the intranet – from unauthorized access, misuse and other threats. The goal is to ensure that the network and the data it carries are used in a secure and reliable manner.

For the most part, intranet security involves a combination of technical measures, organizational policies and continuous monitoring to meet security standards such as GDPR, ISO 27001 and SOC 2.

Technical measures might include firewalls, encryption, anti-virus software and intrusion detection systems that protect the network’s integrity. This ensures data security for both company and employee data.

Organizational policies involve defining user access levels, regularly updating and patching systems, and training employees on information security best practices and threat awareness.

Intranet security matters mainly because company intranets often house business-critical information (such as proprietary data). As such, security breaches can lead to significant financial losses, damage to reputation and operational disruptions. Unlike external threats that target broad networks, intranet security must also contend with potential insider threats, making it a unique challenge. This includes ensuring that employees do not accidentally or maliciously leak or compromise data.

What are the common intranet security threats?

Malware and viruses

Malware, coined from ‘malicious software’, is designed to infiltrate, damage or disrupt systems. In 2023, malware attacks peaked at 6.06 billion per year – a 10% increase compared to recent years.

Unfortunately, intranet platforms are susceptible to malware and viruses due to their self-replicating nature, which allows threats to move laterally across the network.

This happens when malware infects one computer and then uses the connections within the network to spread to others. This spreading is easier because of common network vulnerabilities like insufficient segmentation, uniform security configurations or the reuse of credentials across multiple systems.

Since intranets connect many of an organization’s important computers and store sensitive information, once malware gets in it can quickly move around and cause a lot of trouble.

Recent Incidents: A joint breach involving a ransomware attack led to the exposure of personal and financial data of numerous clients.

Phishing attacks

Phishing attacks involve attackers using deceptive emails, messages or websites to trick individuals into revealing personal information such as passwords, credit card numbers and other sensitive data. The aim of a phishing attack is usually to steal identities, commit financial fraud or gain unauthorized access to systems.

Here’s how a phishing attack works: attackers send emails or messages that appear to come from a legitimate source, such as a bank, a well-known company or a trusted individual. These messages often create a sense of urgency or fear, prompting the recipient to act quickly.

The phishing message typically includes a link that directs the user to a fraudulent website that mimics a legitimate one, or it may contain an attachment that, once opened, can install malware on the user’s device.

On the fraudulent website, victims are usually prompted to enter personal information, which the phishers then capture. Alternatively, malware delivered via an attachment may harvest data directly from the user’s device.

Recent Incidents: Late last year, the City of Fort Lauderdale was the target of a $1.2 million phishing attack.

Insider threats

Not all threats come from outside an organization. Insider threats come from individuals within the organization who have legitimate access to the intranet but misuse their privileges, intentionally or unintentionally. This can result in significant harm by leaking or manipulating sensitive information.

A disgruntled employee, for instance, might misuse their access to sensitive information on the intranet to exact revenge or for personal gain.

Did you know? More than 74% of organizations are vulnerable to insider threats.

Recent Incidents: In May 2022, a Yahoo employee stole proprietary information about Yahoo’s ‘AdLearn’ product for a competitor.

Unauthorized access

Unauthorized access involves gaining entry to the intranet without permission. Common methods include exploiting weak passwords, which may not be sufficiently complex or are reused across multiple accounts, making them easier for attackers to guess or obtain through brute force attacks.

Additionally, attackers may exploit vulnerabilities in outdated software that has not been updated with the latest security patches, allowing them to bypass security measures.

Another common vector for unauthorized access is stolen access credentials. Cybercriminals can acquire these credentials through phishing attacks that trick users into providing login details, or by using malware to capture keystrokes.

Once inside, the centralized nature of intranets means that gaining access to one part of the network provides pathways to other areas. This can lead to widespread data breaches, compromising sensitive corporate data and personal employee information.

Recent Incidents: Hackers gained unauthorized access to the personal information of about 230,000 individuals through the University of Michigan system.

Distributed Denial of Service (DDoS) attacks

DDoS attacks aim to overload systems and make them unavailable to legitimate users. These attacks can be particularly damaging because they don’t need to breach existing security controls to affect operations.

There are three forms of DDoS attacks:

  • Volume-based attacks – These are the most common form of DDoS attack, where the attacker floods the network with a substantial volume of seemingly legitimate traffic to saturate the bandwidth. This can be achieved through tactics like ICMP floods (ping attacks) or UDP floods.
  • Protocol attacks – These include SYN floods, Ping of Death and fragmented packet attacks, which exploit weaknesses in network protocols to consume server resources and disrupt the service.
  • Application layer attacks – These target applications with seemingly legitimate requests at a rate that overwhelms the application. They are harder to detect because they mimic regular user traffic, but they aim to exhaust application resources like memory and CPU.

Recent Incidents: Early this year, hackers launched a DDoS attack on the Pennsylvania court system, knocking out filing systems and the bail payment site.

Internal threats to intranet security and how to mitigate them

Insider threats and user behavior analytics

Problem: Insider threats

Insider threats pose a significant risk to intranet security, stemming from employees who knowingly or unknowingly engage in actions that compromise network safety.

These threats can include malicious actions such as data theft or simply careless behaviors that leave the intranet vulnerable to external attacks.

Solution: User & Entity Behavior Analytics (UEBA)

UEBA tools monitor and analyze employee behavior to detect anomalies that could indicate a security threat.

In simpler terms, it’s spotting what’s normal vs what’s abnormal.

Here’s how it works: 

UEBA systems analyze patterns of user activity to establish a baseline of normal actions and then flag behaviors that deviate from this norm.

For instance, it considers patterns like login times, the volume of data typically accessed or transferred, and the apps most frequently used.

When the system detects an anomaly, it generates alerts to inform security teams.

Depending on the severity and the system's configuration, it can also automatically initiate response actions. These might include temporarily restricting user access, prompting for additional authentication or flagging the activity for further investigation.
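To make the baseline-and-deviation logic concrete, here is an added example (not Workvivo’s code or any product’s) that learns a per-user baseline of login hours, outbound data volume and applications from constructed history records, scores new events against it and maps the number of deviations to one of the response actions named above; the thresholds and the severity mapping are illustrative assumptions.

```python
"""Toy UEBA-style detector: learn a per-user baseline from historical activity,
score new events against it, and map the result to a response action.
Added example with constructed records; thresholds and the severity mapping
are illustrative assumptions, not any product's logic."""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    user: str
    hour: int        # local hour of the login (0-23)
    bytes_out: int   # bytes transferred out of the intranet in the session
    app: str         # application accessed


@dataclass
class Baseline:
    hours: Set[int]      # hours at which the user has previously logged in
    bytes_mean: float    # mean outbound volume per session
    bytes_std: float     # population standard deviation of that volume
    apps: Set[str]       # applications the user has previously used


# Constructed "normal" history for one user over several working days.
HISTORY: List[Event] = [
    Event("alice", 9, 12_000, "wiki"),
    Event("alice", 10, 15_000, "wiki"),
    Event("alice", 9, 11_000, "hr-portal"),
    Event("alice", 11, 14_000, "wiki"),
    Event("alice", 10, 13_000, "wiki"),
]

# Constructed new activity to score against the baseline.
NEW_EVENTS: List[Event] = [
    Event("alice", 10, 12_500, "wiki"),         # ordinary session
    Event("alice", 22, 12_000, "wiki"),         # late-night login only
    Event("alice", 3, 900_000, "file-share"),   # odd hour, bulk transfer, new app
    Event("bob", 9, 5_000, "wiki"),             # no history for this user
]

# Response escalates with the number of independent deviations (assumption).
RESPONSE = {
    1: "flag for investigation",
    2: "require step-up authentication",
    3: "temporarily restrict access",
}


def build_baselines(history: List[Event]) -> Dict[str, Baseline]:
    """Group history by user and summarise each user's normal behaviour."""
    by_user: Dict[str, List[Event]] = {}
    for e in history:
        by_user.setdefault(e.user, []).append(e)
    baselines = {}
    for user, evs in by_user.items():
        volumes = [e.bytes_out for e in evs]
        baselines[user] = Baseline(
            hours={e.hour for e in evs},
            bytes_mean=mean(volumes),
            bytes_std=pstdev(volumes),
            apps={e.app for e in evs},
        )
    return baselines


def score_event(e: Event, b: Baseline) -> List[str]:
    """Return the reasons an event deviates from the user's baseline."""
    reasons = []
    # Circular distance so that 23:00 and 01:00 count as two hours apart.
    hour_gap = min(min(abs(e.hour - h), 24 - abs(e.hour - h)) for h in b.hours)
    if hour_gap > 3:
        reasons.append("unusual login time")
    # Three standard deviations above the mean; floor the deviation so a
    # perfectly constant history does not make every extra byte anomalous.
    if e.bytes_out > b.bytes_mean + 3 * max(b.bytes_std, 1.0):
        reasons.append("data volume above baseline")
    if e.app not in b.apps:
        reasons.append("new application")
    return reasons


def evaluate(events: List[Event],
             baselines: Dict[str, Baseline]) -> List[Tuple[str, List[str], str]]:
    """Produce (user, reasons, response) alerts for anomalous events."""
    alerts = []
    for e in events:
        b = baselines.get(e.user)
        if b is None:
            # A user with no history cannot be scored; hand off to an analyst.
            alerts.append((e.user, ["no baseline for user"], RESPONSE[1]))
            continue
        reasons = score_event(e, b)
        if reasons:
            alerts.append((e.user, reasons, RESPONSE[len(reasons)]))
    return alerts
```

Running `evaluate(NEW_EVENTS, build_baselines(HISTORY))` yields no alert for the ordinary session, a low-severity flag for the late-night login, an access restriction for the bulk transfer at 03:00 from a never-seen application, and a flag for the user with no history.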

Weak passwords and Multi-Factor Authentication

Problem: Weak passwords

Weak passwords often serve as easy gateways for attackers looking to gain unauthorized access to business systems and data.

A weak password might be overly simple, commonly used or too short, making it susceptible to brute force attacks or other cracking techniques.

Solution: Single-Sign-On (SSO) and Multi-Factor Authentication (MFA)

Combining SSO with MFA enhances security while streamlining user access. SSO allows users to log in once and gain access to multiple systems without needing to authenticate again, simplifying the user experience and reducing password fatigue.

MFA builds on this by requiring users to provide multiple forms of verification before gaining access, even within the SSO framework.

Together, SSO and MFA create a security barrier, strengthening your organization’s defenses by making unauthorized access much more difficult – even if a password is compromised.

Pro Tip: Make sure your organization enforces strong password policies that require the use of long, complex passwords and mandate regular password changes.

Unpatched software and patch management

Problem: Unpatched software

Software vendors frequently release updates or ‘patches’ that fix vulnerabilities they discovered in their programs.

However, when these patches are not applied promptly, systems are left open to exploitation by attackers who are aware of these vulnerabilities and actively seek to exploit them.

Solution: Patch management

Patch management is the process of identifying, acquiring, testing and installing patches (code changes) on existing applications and software tools to correct security vulnerabilities and other bugs.

This process helps protect systems from known vulnerabilities that attackers could exploit, maintaining the integrity and security of the software.

Pro Tip: Before deploying a new update, test the patch in a controlled environment to ensure it does not cause issues with existing systems.

Inadequate access controls and role-based access control

Problem: Inadequate access controls

Access control is inadequate when it fails to limit who can see and use resources within the network, allowing employees or outsiders more access than necessary, which can be exploited for malicious purposes.

Solution: Role-based access control (RBAC)

RBAC is a method where access rights are granted according to the user's role within the organization and based on the principle of least privilege. It ensures that users receive access only to the information and resources necessary for their job functions.

RBAC typically works by assigning permissions to roles rather than individual users. These users are then assigned roles and automatically inherit the permissions associated with those roles.

This approach makes onboarding and offboarding employees more efficient and reduces the likelihood of errors.

Workvivo Nuggets: The Principle of Least Privilege is a security concept that advocates providing users, systems and processes with the minimum level of access necessary to perform their functions.
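The following added example (constructed, not Workvivo’s implementation) models the role-to-permission and user-to-role mapping described above, with default-deny checks, an offboarding step that removes all of a user’s roles, and a least-privilege audit that reports role permissions no member has exercised in a constructed access log.

```python
"""Minimal role-based access control model: permissions attach to roles, users
inherit them through role membership, checks default to deny, and an audit
reports granted-but-unused permissions (a least-privilege check).
Added example with constructed roles, users and access log; not Workvivo's
implementation."""
from typing import Dict, List, Tuple, Set

# Role -> permissions, written as "resource:action". Constructed sample.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "employee": {"news:read", "directory:read", "profile:write"},
    "hr": {"employee-records:read", "employee-records:write"},
    "editor": {"news:write", "news:publish"},
}

# Constructed log of successful accesses: (user, permission exercised).
ACCESS_LOG: List[Tuple[str, str]] = [
    ("alice", "employee-records:read"),
    ("alice", "news:read"),
    ("bob", "news:write"),
    ("bob", "news:publish"),
    ("carol", "directory:read"),
]


class RBAC:
    def __init__(self, role_permissions: Dict[str, Set[str]]) -> None:
        self.role_permissions = {r: set(p) for r, p in role_permissions.items()}
        self.user_roles: Dict[str, Set[str]] = {}

    def assign_role(self, user: str, role: str) -> None:
        """Grant a role; permissions are never attached to users directly."""
        if role not in self.role_permissions:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def offboard(self, user: str) -> None:
        """Offboarding removes every role, so no access can linger."""
        self.user_roles.pop(user, None)

    def permissions(self, user: str) -> Set[str]:
        """Effective permissions: the union of the user's roles' permissions."""
        perms: Set[str] = set()
        for role in self.user_roles.get(user, set()):
            perms |= self.role_permissions[role]
        return perms

    def can(self, user: str, permission: str) -> bool:
        """Default deny: an unknown user or an ungranted permission is False."""
        return permission in self.permissions(user)


def unused_role_permissions(rbac: RBAC,
                            access_log: List[Tuple[str, str]]) -> Dict[str, Set[str]]:
    """Least-privilege audit: for each role, the permissions it grants that no
    member exercised in the log. These are candidates for removal."""
    used: Dict[str, Set[str]] = {r: set() for r in rbac.role_permissions}
    for user, perm in access_log:
        for role in rbac.user_roles.get(user, set()):
            if perm in rbac.role_permissions[role]:
                used[role].add(perm)
    return {r: rbac.role_permissions[r] - used[r] for r in rbac.role_permissions}


def build_demo() -> RBAC:
    """Constructed users: everyone has the base role, some have more."""
    rbac = RBAC(ROLE_PERMISSIONS)
    for user, roles in {"alice": ["employee", "hr"],
                        "bob": ["employee", "editor"],
                        "carol": ["employee"]}.items():
        for role in roles:
            rbac.assign_role(user, role)
    return rbac


if __name__ == "__main__":
    rbac = build_demo()
    print(rbac.can("alice", "employee-records:write"))   # True
    print(rbac.can("bob", "employee-records:read"))      # False
    print(unused_role_permissions(rbac, ACCESS_LOG))
    rbac.offboard("alice")
    print(rbac.permissions("alice"))                     # set()
```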

Lack of security awareness and training

Problem: Lack of security awareness

Without proper training, employees may not recognize security threats, understand the importance of security protocols, or know how to respond to security incidents.

This oversight can lead to risky behaviors such as falling for phishing scams, mishandling sensitive information or inadvertently downloading malware.

Solution: Training

Conduct regular training sessions that cover current and emerging security threats, company-specific security policies and safe practices for handling data.

For example, you can simulate phishing attacks or other security breaches to test employees’ knowledge and readiness. These exercises help identify areas where they need additional training.

Pro Tip: Gamify the learning process through quizzes, surveys and feedback to measure employees’ understanding of the content.

Shadow IT and network monitoring

Problem: Shadow IT

Shadow IT refers to using information technology systems, devices, software applications and services without the approval of the IT department.

This poses significant security risks, as unmonitored and unmanaged solutions can easily become gateways for security breaches. This includes potential data leaks, non-compliance with data protection regulations and increased vulnerability to cyberattacks.

Solution: Network monitoring

By using network monitoring tools, organizations can automatically detect and report the presence of unauthorized applications and devices connected to the network.

For example, significant data transfers at unusual times or to unexpected external locations can be flagged for further investigation.

External threats to intranet security and protective measures

Phishing attacks and email filtering solutions

Problem: Phishing attacks

Phishing (as discussed earlier) is a cyber threat where attackers deceive recipients into revealing sensitive information, clicking on malicious links or downloading infected attachments.

These attacks often target employees through email, exploiting human vulnerabilities to gain unauthorized access to corporate networks and steal customer data.

Solution: Email filtering solutions

Email filtering solutions use advanced algorithms to analyze incoming emails for signs of phishing, such as suspicious sender addresses, misleading links and known phishing language.

By automatically detecting and quarantining dubious emails, these filters reduce the likelihood of successful phishing attacks.

Malware and ransomware and endpoint protection

Problem: Malware and ransomware

Malware and ransomware represent some of the most aggressive cyber threats that organizations face. In fact, in 2022 ransomware accounted for 24% of all cyberattacks, with the average ransom amount being $1.54 million.

Malware includes various forms of harmful software, such as viruses and spyware, designed to infiltrate, damage or disable computers.

Ransomware is another type of malware that encrypts an organization’s data, with attackers demanding payment to provide the decryption key.

A recent incident was a ransomware attack on Ardent Health Services which caused hospitals to divert patients from their emergency rooms.

Solution: Endpoint protection

Modern endpoint security solutions utilize machine learning and behavior analysis to detect and respond to threats in real time.

Unlike traditional antivirus software that relies on known virus signatures, these advanced systems can identify and block malware based on suspicious behaviors and patterns, protecting against zero-day attacks.

In addition, they continuously monitor and record endpoint activities, providing a detailed view of all files, processes and network events.

This monitoring allows organizations to quickly identify potential threats, such as unusual file modifications or unauthorized network connections, which are indicators of malware or ransomware activity.

DDoS attacks and scalable infrastructure

Problem: DDoS attacks

In a DDoS attack, multiple compromised systems – often part of a botnet – overwhelm a target’s network or servers with a flood of internet traffic.

This can disrupt services and cause significant downtime, leading to loss of revenue and damage to reputation.

Solution: Scalable infrastructure

Scalable infrastructure can automatically adjust resources based on traffic demands. For example, during a DDoS attack it allows the network to accommodate an unexpected surge in traffic without becoming overwhelmed, maintaining service availability even under attack.

In addition, you can implement load balancers to distribute traffic evenly across multiple servers, preventing any single server from becoming a bottleneck.

Pro Tip: Many cloud providers offer integrated DDoS protection services that can be scaled along with your infrastructure. These services often include advanced traffic analysis and filtering capabilities that can detect and mitigate DDoS traffic before it reaches your core network or servers.

Man-in-the-Middle attacks and VPN encryption

Problem: Man-in-the-Middle attacks (MitM)

Man-in-the-Middle (MitM) attacks are a form of ‘eavesdropping’ in which the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating.

These attacks can occur in various scenarios, including intercepting data on unsecured public Wi-Fi networks, DNS spoofing or compromising a network device.

Solution: VPN encryption

Virtual Private Networks (VPNs) create a secure, encrypted tunnel between a user’s device and the network, ensuring that all data sent through this tunnel is protected from external view or interference.

Another addition is encrypting data at the point of origin via SSL/TLS protocols before it travels over the internet. This encryption transforms readable data into a coded form that can only be decoded with the correct key. Even if intercepted, the encrypted data remains secure and unintelligible to unauthorized users.

Workvivo Nuggets: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols designed to provide secure communication over a computer network. When a server and client communicate, SSL/TLS ensures that the data exchanged between them remains private and unaltered in transit.

Vulnerable network infrastructure and firewalls

Problem: Vulnerable network infrastructure

Vulnerable network infrastructure can expose organizations to several cyber threats, including unauthorized access, data breaches and network disruptions.

Weaknesses in the network are often due to outdated systems, misconfigured devices or unpatched software, each creating potential entry points for cyber attackers.

Solution: Firewalls

Modern firewalls perform stateful inspection of network traffic. This means they examine data packets and keep track of active connections.

Stateful inspection allows firewalls to understand the context of a traffic flow, which enhances their ability to detect and block malicious activities based on known traffic patterns and behaviors.

Furthermore, many advanced firewalls include Intrusion Prevention/Detection System (IPS/IDS) features.

These systems actively monitor network traffic for signs of intrusion, such as attempts to exploit known vulnerabilities or anomalies that could indicate a cyberattack. Upon detecting suspicious activity, the IPS/IDS can take immediate action to block the traffic and alert administrators.

Pro Tip: Conduct routine assessments to identify and address vulnerabilities within the network infrastructure. These assessments should involve scanning the network for weaknesses such as outdated software, open ports and encryption flaws.

Supply chain attacks and vendor security practices

Problem: Supply chain attacks

Supply chain attacks target less secure elements in the supply network to compromise the security of the entire system.

These attacks exploit vulnerabilities within the supply chain, manipulating software, hardware or services provided by third-party vendors to gain unauthorized access to larger, more secure intranet networks.

Solution: Vendor security practices

Conduct regular security assessments of all vendors to help identify potential vulnerabilities hackers could exploit in a supply chain attack.

These assessments should review the vendor’s security policies, the security measures they have in place and their history of security incidents. The results can guide decisions on whether to continue, modify or terminate vendor relationships based on their security posture.

In addition, ensure that contracts with vendors include specific security requirements and obligations. This includes clauses that mandate the vendor to notify the organization immediately of any security breaches and to undergo regular third-party security audits.

Intranet security best practices

Regular updates and patch management

Important: Keeping software up to date protects against vulnerabilities that hackers might exploit. Most cyber attacks leverage known vulnerabilities in software that have already been patched by the manufacturer. Effective patch management ensures these fixes are applied promptly to prevent such exploits.

Implementation strategy:

  • Utilize tools that automatically update software when new patches are released. This reduces the delay in applying important security updates.
  • Before deployment, test patches in a controlled environment to ensure they do not disrupt existing systems.
  • Develop and adhere to a regular schedule for checking and applying patches to all software used within the intranet, including operating systems, applications and network devices.

Strong password policies and Two-Factor Authentication

Important: Strong password policies and Two-Factor Authentication (2FA) are security measures for protecting intranet access.

  • Strong passwords help prevent unauthorized access by making it difficult for attackers to guess or crack them.
  • Adding Two-Factor Authentication introduces a second layer of security, ensuring that even if a password is compromised, the likelihood of an unauthorized person gaining access is significantly reduced.

Implementation strategy:

  • Define requirements for password complexity, such as minimum length, the inclusion of numbers, symbols, and uppercase and lowercase letters, and rules against using common passwords or repeated patterns. You can also enforce regular password updates every 60 to 90 days.
  • Use security tools to monitor compliance with password policies and the proper use of 2FA. Implement automatic alerts to notify administrators of any non-compliant activities or repeated login failures.

Network segmentation

Important: Network segmentation involves dividing a network into multiple segments or subnetworks. This approach limits the spread of malicious activities within the network, making it harder for attackers to move laterally across your systems.

Implementation strategy:

  • Start by mapping out your network and identifying which areas contain sensitive data or critical systems that require enhanced protection.
  • Based on the critical assets identified, determine logical boundaries for segmentation. These could be departmental, functional or based on sensitivity levels.
  • Establish strict access controls for each segment. Ensure that only authorized users and systems can access the resources within a segment according to their role and necessity.

Employee training and awareness programs

Important: Employees are often the weakest link in intranet security chains. Training and awareness programs can significantly reduce the risk of breaches by educating staff about the risks and their responsibilities.

Implementation strategy:

  • Create detailed training programs that cover all aspects of network security, including password management, phishing awareness, safe internet practices and how to report suspicious activities.
  • Tailor security training sessions based on the sensitivity of the data the employee handles and their specific roles within the organization. Employees with access to more critical data may require advanced training.
  • Regularly schedule simulated phishing attacks or other security breach simulations to provide employees with practical experience in identifying and reacting to security threats.

Implementing firewalls and intrusion detection systems

Important: Firewalls act as barriers that control the traffic allowed into and out of your network protecting against unauthorized access and threats. Intrusion detection systems on the other hand monitor network traffic for suspicious activity and alert administrators to potential threats.

Implementation strategy:

  • Assess your network requirements and security needs to select the appropriate firewall and IDS solutions. Consider factors such as network size, complexity and the specific security threats you are most likely to encounter.
  • Set up and configure firewall rules to define which traffic is permitted and which is blocked. These rules should be based on the Principle of Least Privilege, allowing only necessary communications to pass.

Implementing a robust intranet security strategy

Step 1: Assess current security posture

Objective: Understand the current state of your intranet’s security, identifying potential vulnerabilities and assessing risk levels.

Actions:

  • Review current security policies, procedures and controls. This includes examining user access levels, data encryption practices and the security of physical and virtual servers.
  • Identify the assets most critical to your business operations, evaluate the threats to these assets, and determine the vulnerability of your intranet to these threats. Tools like the NIST Cybersecurity Framework can guide this assessment.
  • Develop a plan that prioritizes identified risks based on their potential impact and the likelihood of occurrence.

Step 2: Establish a security baseline

Objective: Set clear, enforceable standards and protocols that will define your intranet's security framework moving forward.

Actions:

  • Create or update security policies that cover all aspects of intranet usage, data management and access control. Ensure these policies are aligned with industry standards and best practices.
  • Implement standardized configurations for all hardware and software used in your intranet. This includes setting up secure default settings for servers, workstations and networking equipment.

Step 3: Harden network security

Objective: Strengthen the defense of your intranet against external and internal threats by enhancing network security.

Actions:

  • Set up firewalls to block unauthorized access and use IDS to monitor network traffic for suspicious activity.
  • Follow data security management best practices and ensure that all data transmitted across your intranet is encrypted using strong encryption protocols like TLS or VPN services.
  • Ensure that all endpoints accessing the intranet, such as workstations and mobile devices, are secured against threats. This could involve using endpoint security solutions, regular updates and device management policies.

Step 4: Implement network segmentation and traffic monitoring

Objective: Divide the network into distinct segments to limit access and reduce potential attack surfaces while also continuously monitoring network traffic to detect and respond to threats swiftly.

Actions:

  • Divide your network into smaller, controlled segments based on the type of data they handle or their operational necessity. This makes it easier to enforce security policies and control access.
  • Define security zones within your network, such as a demilitarized zone (DMZ) for public-facing services and a secure zone for sensitive internal resources. Apply appropriate security controls to each zone.
  • Use tools to monitor network traffic continuously. This helps in identifying suspicious activities and potential threats as they occur, allowing for immediate response.

Step 5: Regularly update and patch systems

Objective: Maintain the integrity and security of your intranet by ensuring all systems and applications are up to date with the latest security patches and updates.

Actions:

  • Establish a policy that outlines the process for regularly updating and patching software and hardware. This policy should prioritize critical updates that address significant vulnerabilities.
  • Utilize tools that automate the patching process. Automation ensures that patches are applied as soon as they become available, minimizing the window of opportunity for attackers.
  • Keep track of which systems have been patched and which have not. Ensure compliance with your patch management policy by conducting regular audits.

Step 6: Monitor and respond to security incidents

Objective: Establish a surveillance system that can detect and respond to security incidents in real-time.

Actions:

  • Set up a Security Operations Center (SOC) to monitor security logs and alerts around the clock. This centralized unit will manage the detection, analysis and response to security incidents.
  • Use Security Information and Event Management (SIEM) tools to aggregate and analyze log data from across your network to detect anomalies and potential security threats. This will give you a comprehensive view of security events.
  • Have a detailed response plan in place that outlines specific steps to take when a security incident occurs. This plan should include roles responsibilities procedures and communication strategies.

Step 7: Educate and train employees

Objective: Create a security-aware environment within the organization by educating and training employees on security best practices and potential threats.

Actions:

  • Introduce regular training sessions that cover key security topics such as phishing, malware and safe internet practices.
  • Regularly perform simulated phishing and social engineering attacks to test employee awareness and preparedness.

Step 8: Continuously evaluate and improve security measures

Objective: Regularly review and refine your security strategies to adapt to new challenges and improve overall security posture.

Actions:

  • Schedule routine audits to assess the effectiveness of existing security measures. Use these audits to identify any gaps or weaknesses in your security framework.
  • As new security trends and technologies emerge, update your policies and protocols to include new best practices and solutions.

Enjoy cloud-based intranet security with Workvivo

When you choose Workvivo, you are investing in a secure, user-friendly intranet platform that prioritizes the protection of your organization’s sensitive data while enhancing collaboration and engagement.

Why the world’s biggest brands trust Workvivo

  • End-to-end encryption – All data transmitted within Workvivo is protected through end-to-end encryption, ensuring that messages, documents and personal information are secure from unauthorized access.
  • Two-Factor Authentication (2FA) – Workvivo supports 2FA, adding an extra layer of security that requires not just a username and password but also a second factor that only the user has, i.e. a piece of information only they should know or have immediately to hand.
  • Regular security audits – To maintain high security standards, Workvivo undergoes regular security audits conducted by independent third-party firms. This practice helps identify and rectify any vulnerabilities, ensuring the platform remains secure against evolving cyber threats.

  • Customizable user permissions – Workvivo offers advanced settings that allow administrators to set and modify user permissions, ensuring employees can only access the information necessary for their roles. This minimizes the risk of internal data leaks and unauthorized access.
  • Data compliance – Adhering to international data protection regulations such as GDPR, Workvivo ensures that all data handling practices comply with legal standards, thereby protecting the organization from potential legal and compliance issues.
