With many household names falling victim to security breaches or hacks in recent months, digital workplace security has really been under the microscope. In today’s digital-driven landscape, securing your digital workplace is not an option, it’s a responsibility.
Modern workplaces of all sizes will have a range of different employee types across many locations who need to stay connected. This could include frontline colleagues in stores or on the move, remote colleagues and those who are office based or hybrid. With a lot of opportunities to access a central intranet or employee app, the responsibility for securing your digital workplace sits with IT. In this article we have outlined all the considerations from an IT perspective to ensure that your digital workplace, wherever it is hosted, remains secure and compliant to protect company and employee information.
What is a digital workplace?
The digital workplace is your central hub for all employees to access resources, information and connect with other colleagues across departments, regardless of their location. Your company intranet, cloud document storage and any third party platforms your teams use to complete their day to day tasks are all part and parcel of your digital workplace.
Balancing accessibility to your digital workplace for all employees against ensuring that all access is secure and legitimate can feel like an arduous task for IT and information security managers.
Digital workplace architecture
Your security controls will need to encompass all third party tools that your people access through their digital workplace. For example, if your intranet is a one-stop shop that all employees must pass through to access other portals that their department uses, you will need to ensure that all of these integrations within your digital workplace architecture are protected in line with company security protocols.
Securing your digital workplace
Modern intranets are becoming a necessity rather than a nice-to-have. This means that more company information is uploaded to such platforms so that all employees have visibility of the right resources, policies and documentation needed to do their jobs.
As companies grow, so do their intranets, as even more content is shared on these platforms. The necessity to protect this information remains paramount. Let’s take a look at how this can be addressed so that IT Directors, HR teams and Internal Comms teams can have peace of mind that all of their needs are met when implementing a new digital workplace platform.
The IT Director’s checklist for securing your digital workplace
- Protect against cyber threats 🛡️
Implementing a secure intranet with approved accreditations provides a robust safety net around sensitive internal data and resources.
- Ensure compliance with industry regulations 🫡
When searching for a new digital workplace solution, no matter which industry you work in, ensuring it complies with legal and regulatory standards is a crucial part of risk mitigation and business continuity.
- Set up role-based access control 🚧
From admin to department access, contributor status and view-only users, stay safe in the knowledge that only the right people have access to areas that are pertinent to their role, reducing the risk of internal data leaks and maintaining operational integrity.
- Encrypt all data 🔒
Compliance and security policies will require you to have a secure cloud solution with advanced encryption. Make sure all backup data is encrypted at rest, meaning your information is protected when stored, so that all data remains confidential and secure from unauthorised access.
- Authenticate every user ✅
From native credentials and comprehensive Active Directory integrations to advanced federated identity platforms, protocols like OAuth2, SAML and Multi-Factor Authentication (MFA) are compatible with popular authenticator apps on both desktop and mobile devices.
- Application level security
Security conscious IT teams need SaaS platforms that showcase best practices in SSO, MFA and secure login methods. Application level security includes:
  - Password policies
  - Multi-Factor Authentication (MFA)
  - Single Sign-On (SSO)
  - Two-Factor Authentication (2FA)
  - Cool off and lockout
  - Session timeouts
  - Restrict access to IP ranges
  - Protected pages
  - Audit log access
- Continuous monitoring and testing
Security and penetration testing are integral to the development and maintenance processes of a secure digital workplace. Rigorous internal testing and third-party expert security testing are crucial in identifying, isolating and eliminating malicious software and potential threats.
Three levels of intranet security ownership
When we think about digital workplace security, it can generally be managed at three levels: company, admin and user level. Let’s take a look at the different levels of security in the context of an intranet or employee experience platform such as Oak Engage.
Advantages of an intranet at the company level
The company level is usually managed between the intranet provider and the IT or technical team that manages company device access and security. Whichever platform you choose to build your intranet on, the provider should apply intranet security best practices to ensure that data is kept safe through cloud hosting, adhering to your organisation’s privacy and compliance requirements.
Another advantage of intranet security is the authentication required for users to log in. Employees will only be able to access the intranet once they have been authorised. This can be managed through Single Sign-On (SSO), which allows users to authenticate through your own organisation’s systems without requiring them to enter additional login credentials. SSO maintains a user-friendly employee experience while keeping system access safe and restricted only to employees.
Sometimes, when working with external parties, suppliers or clients, the lines of security can become confused. Eradicate ambiguity and ensure all exchanges of documents and data are done via a secure portal such as an extranet that is linked with your intranet, whether you’re at a desk or on-the-go.
Securing your digital workplace at the admin level
Not all of your employees will require the same levels of access. It is most likely that there will be an individual or a small team who manage the day-to-day running of internal communications and administration of the intranet.
The second level of intranet security applies to colleagues who will be managing the ‘back end’ of the intranet and will need administrator permissions to be able to create new pages or build new content areas.
By having a manageable number of people listed as admins, it is easier to track and manage any updates and just as importantly, manage who can see specific updates, as not everything will be relevant to everyone. For example, a Parental Leave Policy could be applicable to all employees, but a Recruitment Policy may be only relevant to HR colleagues and team managers.
One of the many advantages of an intranet is personalised feeds. To enable this we can segment colleagues based on which content is relevant to each group, whether it is a project team, a department or a committee. Administrators can add or remove permissions across all areas of the platform to manage visibility of and accessibility for all teams or individuals.
Intranet security best practices at the employee level
Employees can be granted access to any areas by admins. The ‘employee’ view is what most users would see upon login. In line with your usual company policy, it can be reiterated that the intranet is solely for use by colleagues, and that login information or content shared on it should not be shared externally without permission from an admin or management.
It can also help to have a formal policy for intranet security best practices including the limits on what should (or should not) be shared and where. This can protect employees’ personal information or circumstances and prevent issues arising with HR.
Oak Engage’s commitment to securing your digital workplace
Oak is built on Microsoft Technologies and hosted on Microsoft Azure which is one of the most trusted and secure cloud platforms in the world. All Oak data is hosted in the same place you would find all of your SharePoint and Microsoft data. Our ISO 27001 and Cyber Essentials Plus certifications also demonstrate our ongoing commitment to implementing the highest standards of information security.
We understand that your data needs to be kept as safe as possible. To be sure that we provide optimal intranet security for all our users around the world, we use location-based servers to keep your data within the localised area to comply with security needs as well as DPA and GDPR regulations.
What sets us apart is our understanding that the foundation of robust data security isn't only in superior tech, but in our people. We aim to foster an environment of awareness. Every member of our team is instilled with the ethos of data protection. We aren't just relying on algorithms and systems, we are ensuring that human oversight is our strongest tool so that we are always vigilant and always aware.
This guide outlines the critical importance of intranet security and illustrates the necessity of an intranet solution that provides comprehensive protection to match existing security practices throughout your organisation.