Magazine article Workforce

10 Ways to Protect Intranet Data

Magazine article Workforce

10 Ways to Protect Intranet Data

Article excerpt

The best way to protect data from hackers, thieves and innocent blunders is to put the right controls in place and that's a job that requires HR's input.

For most human resources professionals, building an intranet is an alluring idea. After all, what better way is there to reduce the blitz of phone calls and paperwork? Automating processes and eliminating mindless work can't get much easier than this. But behind the buzz about how an internal Web site can revolutionize the workplace and make HR more strategic lies a sobering dose of reality: Intranets can pose a potential threat to security-and not only in ways that are immediately obvious.

Yes, it's necessary that an organization takes precautionary steps to prevent hackers and disgruntled employees from breaching data within its intranet. It must ensure that private information is kept secure, and that unauthorized access to electronic documents or files doesn't take place.

You have to deal with viruses and other assorted headaches. Then there are also less obvious threats, like unofficial applications-including games-that can corrupt or destroy data; keeping confidential or sensitive information-from trade secrets to business plans-from being mistakenly or inadvertently displayed online; and improperly designed firewalls that don't lock out those pesky potential hackers. Without proper version controls and backups, it's also possible for employees to overwrite or destroy key documents.

Unfortunately, ignorance isn't bliss when it comes to online security. Andy Maxwell, a Washington, D.C.-based intranet consultant for Watson Wyatt Worldwide, explains: "Human resources and finance are the two divisions of a company in which the data touches every employee. Any mistake or lapse in security can be absolutely fatal [for the business]."

John Kelly, a security expert with SCT Corp., a business applications software company in San Diego, adds: "The typical HR professional has long delegated intranet security policy to IT. Today, that's a huge mistake. The economic and legal risk is enormous-particularly if medical claim records or dependent information is revealed."

Here are 10 ways HR can play its part in protecting data that is available through an intranet:

Consider using a PIN or password-based system to prevent unauthorized access to files. Although the use of an employee ID and password isn't the most secure method for authenticating a user (see "Getting to Greater Intranet Efficiency," page 72), it's a good balance of convenience and security. A single log-on procedure with appropriate restrictions on access can simplify processes and eliminate the need for employees to maintain multiple passwords, says Giuseppe Cimmino, manager of The Source Online, MCI Corp.'s HR intranet site.

At Washington, D.C.-based MCI, more than 30,000 employees company-wide access the intranet every month. They're able to exercise stock options, view electronic pay stubs, update W4s and engage in distance learning. MCI also puts employees' names on the Web pages so employees know they're viewing confidential information.

Plus, there's a log-off button to ensure that data is no longer available once an employee has completed an online task. "Although the system automatically logs a person off after five minutes, we want employees to know they have a personal responsibility to protect sensitive data," Cimino comments.

Use digital signatures to authenticate a person's identity. It's a technology that's evolving rapidly, but it's far enough along to pay dividends today. Digital signature/certificate technology makes it possible to verify that a person is exactly who he or she says he or she is.

While a conventional, printed signature on paper can be forged, that's nearly impossible to do with a digital certificate. A document is encrypted using a password that's required by both the sender and receiver. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.