5 key practices to secure your internal communications

Your employees usually focus on convenience—not security—when sharing sensitive documents and information. Encryption is one answer; a collaboration platform is another.

Internal comms security tips

Are you or your staff giving out your company’s secrets without realizing it?

Most companies invest in anti-virus security software for security, but that’s often not enough when it comes to protecting your internal communications.

These days, you simply can’t treat basic antivirus software as an impenetrable wall shielding your internal communications from cybercriminals. If your company can’t afford data security risks when it comes to internal communications, follow these five essential practices:

1. Make security a top priority for everyone.

Many businesses think they are secure when all they have is an antivirus program. That can be a costly mistake.

Do you currently have:

  • Email encryption against spam and phishing?
  • Local data encryption?
  • Cloud data encryption?
  • Strong passwords (that are frequently changed)?
  • Security-driven collaboration tools?
  • A VPN for remote access?
  • A BYOD policy?
  • Monitoring apps?

Those are just the tip of the iceberg, yet many businesses don’t have them in use or in practice.

2. Emphasize security when colleagues are communicating.

All too often, your employees will shoot out a quick text or a short email with an internal document—thinking only about convenience, not security.

Train your employees to be security minded, helping them keep company secrets, well, secret.  Of course, you must define your security procedures first, or you’ll just be spinning your wheels and your employees will not engage.

 3. Use collaboration tools over email and text messages.

Stop using emails and SMS texts for your internal communications. Instead, find a collaboration tool that has a web interface, a desktop interface and a mobile interface. Try alternative communication tools like Slack (strong focus on security, great for distributed teams), Mattermost (like Slack but with better security) or Rocket Chat (like Slack but open source).

Your employees can communicate with one another without sacrificing security or compromising sensitive information.

4. Frequently change passwords.

Your employees might balk at changing their passwords often, but it has to happen. Employees should revise their passwords at least once a month; once a week is even better. Passwords are a primary target in most data breaches.

You don’t have to change the password yourself; you can use password managers to generate strong passwords and implement them at your direction.

5. Always use a VPN when connected outside the company network.

A virtual private network (VPN) is a protected, encrypted connection between computers on multiple networks. When you use a public network, information travels from your computer through a network to which others are connected. If someone has created a “man in the middle” connection, now your data is being passed through them first, then to the public network, then to the ISP, then your company ISP, and then to your company. That’s a lot of hands touching your unprotected information.

A secure VPN encrypts your data before it leaves your computer. It then passes through all those hands protected, until it gets to the end of the VPN connection at your office.

Dan Fries is technical product lead at Next Ventures.


Ragan.com Daily Headlines

Sign up to receive the latest articles from Ragan.com directly in your inbox.