Sean R. Nicholson

As the centralized point of access to organizational information, your Intranet portal may also represent a potential security risk. This is especially true if your portal is accessible to employees via the Internet. If your Intranet authentication is tied to your Active Directory or LDAP, be sure to put policies in place that ensure that your employees change their passwords on a periodic basis. In addition, be sure to encourage (or require) employees to use “strong” passwords, that are comprised of a combination of alpha characters, numbers, symbols and mixed cases.

Unfortunately, according to Wired Magazine the most common password successfully used in a recent Hotmail attack was “123456″. Yes, that’s correct…virtually the same password used by Mel Brooks in Spaceballs to secure his luggage.

As an Intranet professional, it’s important that your employee communications focus on employee education around the topic of frequent password changes, password strength, and their ability to identify and avoid password phishing scams. The Journal of Accountancy provides a great analysis of different types of passwords and their ability to be compromised, as well as a five step process that can be followed to analyze your existing application password strength.

1. Start by developing a full understanding of how your computer system stores passwords.

2. Determine whether your encryption method is powerful enough to safeguard your system, and ensure users choose passwords wisely.

3. If your analysis reveals that your password security is inadequate, begin your search for improvements at the lower end of the cost spectrum.

4. If your assessment reveals that you need an entirely new password management system, look for “yes” answers to each of the following four questions when you evaluate products. (click here to view the additional 4 questions)

5. Regardless of how confident you are in the accuracy and completeness of your security assessment and any remedial solutions you may choose, consider conducting a penetration test.

Source: Journal of Accountancy, July 2009.

If you haven’t run a recent campaign reminding employees of their responsibility to keep corporate information secure, it might be a good time to put one together and teach your employees how to avoid weak passwords and phishing scams.

Angie Cullen

When developing your Intranet, it’s best not to develop in a vacuum. You may not be the best person to make decisions on how employees will use the intranet to do their job.  Be sure to identify employees that will be involved in the maintenance of the portal and get everyone involved in the design process. Create an Intranet Governance Council that will include at least one member from each department throughout your company. Bigger departments might have 2 or 3.  Let the members of the governance council represent their department and tell you what employees in their department need to be able to do their job more efficiently.

Be sure to let the members of the governance council know that while you value their input and opinions, the final decisions regarding design and functionality are the responsibility of the Intranet team.  In other words, everything that the members of the governance council submit on their wish list, might not make it in to the final product. By setting this clear direction and making the members of the council a part of the design process, you can leverage their excitement and promote collaboration, while ensuring that the Intranet design meets the needs of all departments and employees.

Sean R. Nicholson

Regardless of whether you are a seasoned Intranet Professional or just getting started with your first Intranet design, I highly recommend adding What Every Intranet Team Should Know by James Robertson of Step Two Designs to your library.  At 110 pages, this handbook packs a wealth of valuable information into a quick-read offering a background understanding of the evolution of Intranets, guidance on identifying the needs of your organization, and useful tips on designing a solution that meets those needs.

What Every Intranet Team Should Know by James Robertson

Rather than trying to educate the reader on every possible situation that could be encountered in an Intranet build or redesign, Robertson focuses on sharing industry best practices and real-world experiences that the reader can easily adopt.  Robertson’s straight-forward writing style, coupled with sample images and supporting graphics makes the content easy to understand and apply.

Although the book might appear small at first glance, Robertson proves that good things come in small packages by tackling complex issues such as requirements gathering, usability design, and governance. Each chapter provides clear, actionable steps while surfacing potential pitfalls and providing guidance on how to avoid them.  Throughout the text, Robertson progressively lays out the fundamental concepts necessary to understand not only how to design an Intranet, but how to design one that your employees will actually use.

What Every Intranet Team Should Know has found a permanent place in my library and will become a must-read for those involved in current and future Intranet projects.

Sean R. Nicholson

Building a great Intranet environment is often about balance. Balancing acts like those between openness and security,  corporate needs and individual desires, and the balance between content and culture often make for long meetings and tough decisions. Internal communicators and Intranet managers often have to determine how much to share and the right format in which to share it.

Take, for instance, the topic of how much strategic corporate information should be shared internally with employees, and at what time.  Some organizations are willing to post strategic information like corporate earnings and key performance indicators on their Intranet in real time or prior to formal announcements. Others are concerned about employees sharing strategic information outside the firewall where it could impact stock prices or competitive behavior. Usually, the key cultural component as to whether this information is shared with employees is one of trust.  It boils down to whether the organizational leaders trust that employees understand the critical nature of the information being shared.

In situations where a strong bond of trust has been formed between the executive layer and the employees, leaders see the sharing of this information as critical to the success and growth of the company since it tells employees where they are doing well and points out where they can focus their energies to improve. These organizations often use the Intranet to openly share corporate goals and strategies, as well as the performance metrics to measure success. Along with the communication comes a consistent message of the importance of using the information internally and only sharing when and to whom it is appropriate.

At companies where that bond of trust has not been formed or has been previously violated, executives often feel that employees simply don’t understand that sharing earnings or performance information prior to formal announcements can have an adverse impact on the operation of the organization?In these cases, Intranets are often void of critical performance measures and are used, instead,  as communication vehicles for corporate events, product announcements, and HR information. Each of these are important functions, but of little value to the employee in determining whether their day-to-day activities are helping the organization advance its corporate goals and strategies.

In organizations where executives prefer to guard the information and release it to employees at the same time they announce to the public, employees often feel as though they aren’t “in the loop” and, at times, learn about important corporate strategies online, from local news sources, or colleagues at other companies. Hearing corporate performance news and announcements from third parties, rather than hearing the news directly from their executives, often propagates a feeling of mistrust between executives and the employees.

Realistically, it would be naive to state that the best practice is to always share strategic information with employees via the Intranet. The reality is that in large organizations or those with little governance, it just may not be reasonable to assume that providing real-time feedback on performance indicators is possible without having the information leak. Even in small organizations, disgruntled employees or accidental disclosure may result in the information leaking.

Therefore, the best practice for when to share key performance metrics will have to be based on the balance of trust within the organization and the employees’ understanding of when/where/to whom it is appropriate to share. As a result, Intranet professionals will have to work to educate employees as to the importance of keeping the information secure and disclosing only when their organizational culture dictates.

Thoughts, comments, or experiences? I always welcome feedback via comments!

Sean R. Nicholson

When it comes to managing Intranets, governance is one of those topics that tends to divide folks into some pretty extreme camps. One side contends that users should be able to govern themselves freely and, when left alone, content driven by the users will be rich and meaningful. The folks on the other side of the fence believe that content should be generated by one or more specific departments (usually Corporate Communications or HR) for consumption by the end-users.  Their position is often based on the argument that end-users would pose a risk to the organization by sharing incorrect, privileged, or inappropriate content if the wild west of end-user content were allowed. The reality is that these two camps each have their valid points, but the best practice is to land somewhere in the middle by allowing individual contribution, but providing some oversight.

While it’s always good to have one or two Intranet experts who understand the technical architecture of your portal and Intranet applications, it’s also valuable to seek input from not-so-technical Intranet power users from across your org. One tried and true method is to form an Intranet Governance Council that consists of the primary power user from each of the departments in your organization. By ensuring that each department is represented, you’ll hear about issues and concerns from throughout the entire organization and these representatives can solicit feedback from their end-users as well as help you spread of the word about upcoming changes or the addition of features/functionality.  When forming your Intranet council, it’s best to keep it to a small group, usually one or two representatives from each department and make sure to schedule a recurring meeting to get together and review your content management strategy and hash through any issues that might arise.

At the start, it might feel like there are too many cooks in the kitchen and some departments might attempt to set the expectation that their department should have more influence over the direction of the functionality or content. If this occurs, remind each representative that all departments have an equal share in the success or failure of the Intranet and working together is the key to success.  Sometimes this great quote from Henry Ford can help set the tone — “Coming together is a beginning. Keeping together is progress. Working together is success.”

Sean R. Nicholson

Okay Intranet fans, here it is…the 2009 completely unofficial list of must have functionality for every Intranet.

**Please note that we reserve the right to update this list and expand it beyond 10 based on the great feedback and comments we will undoubtedly receive.

{drumroll please….}

# 10) Application Interoperability – There’s nothing like a good Intranet mashup. Being able to search for a user and see not only who they are (from the HR application), what they are working on (from the Project Management application), and where they are located (From HR + Google Maps) is pretty cool, not to mention that it brings relevant information to the user on a single page. Look for creative ways to mash up your applications and streamline information gathering. Remember that good mashup also leverage a “simpler sign-on” schema so that users don’t have to login over and over to see data in different applications.

#9) A Clean Design – Lot of functionality is good, but be sure to spend time up front determining what should be on the front page and what can be moved to secondary pages. Your users should be able to find content quickly and easily. Spend some time watching how your users physically navigate the Intranet and strive toward reducing the number of clicks they have to make to locate the information they are looking for. Need help creating a design? Bring in a consultant from the outside to provide an objective point of view.

#8) A Good Name – I always love hearing people refer to the Intranet by it’s given name, rather than “the Intranet”. Creative names allow folks to create an identity for the Intranet that gives it a life of its own. If you don’t have a name for your Intranet, try holding a company-wide contest to come up with names and then have your company vote on it. Your even more likely to get strong buy in if the name is chosen by your organization as opposed to being assigned by a developer with a Star Wars fetish.

#7) A Strong Navigation Taxonomy – Yes….it’s a Google kinda world, so folks like to find content through search, but when they find that content, they also like to see where they are in the navigation, using a folder taxonomy or breadcrumbs, so they can find other content that is similar in nature AND know how to get back to the content in the future.

#6) Personalization – Users need to be able to customize pieces of the Intranet. Whether it’s their weather, stock quote, news headlines, horoscope or other content, allow them to make the Intranet more useful to them as an information source. Also, by allowing users to relocate portlets or widgets, they can create a design that meets the way they work. Need a good source for personalized information? Look to subscription information providers such as YellowBrix.

#5) A Good Rich Text Editor – Nothing helps an Intranet grow more than content, so making the creation of content easy is important. A good WYSIWYG (“what you see is what you get”) editor is important. Don’t forget to make sure your editor has a spell check. I speak from experience on this one (ahem…Plumtree/BEA/Oracle WebCenter)

#4) Governance – No need to go into full-blown lockdown mode, but governance is a good thing for any organization. It keeps your Intranet from becoming the wild, wild west and ensures that the content created has meaning and is relevant. Some areas of the Intranet (WIKIs, forums, etc… ) can be looser than others, but your governance strategy should be flexible enough to accommodate for these different needs.

#3) A Strong Collaboration Toolset – User created content will drive your Intranet page views through the roof. A good, spirited conversation about the latest product or marketing campaign can help spread the word about what your organization is doing and can drive new innovations. Try adding an “Idea Center” to your Intranet and challenge your employees to come up with new ways to do business. Products like user-driven blogs, forums, and WIKIS can turn your readers into contributors growing your content exponentially. Daily polls can also be used for gathering user sentiment on a corporate topic, or just for a little fun.

#2) A Federated Search Engine – Again, it’s a Google kinda world, so make sure your search works and it can talk to other applications. No one likes to have to search 10 different places for information, so leverage tools like Google appliances or federated search engines like FAST or Autonomy to bring all of your content together into one search. If you haven’t ever seen a demo of one of these “meaning” based search engines, give them a call and ask for one. You’ll be amazed at what modern search engines can do.

#1) Meaningful Content – The best design, the coolest name, even a great governance strategy…they’re nothing without meaningful content. If your users don’t find value in your Intranet, they won’t adopt its use. In addition (and I can’t stress this enough), the content MUST be timely and accurate.

The only thing worse than no information is bad information…Your employees will act using bad information because they don’t know it’s inaccurate. There’s nothing worse than a sales rep sharing an outdated rate sheet or a customer service rep providing an inaccurate solution to a problem. To avoid this, be sure your Intranet content is up-to-date and reviewed frequently.

There you have it, Intranet fans! 10 must haves for any good Intranet.

Additions:

Accessibility – Everyone needs to be able to use your Intranet. Ensuring that your pages comply with the accessibility guidelines will ensure that folks with disabilities can read or hear the content. Thanks to Russell @theparallaxview for the suggestion

Have input? We’d love to hear any additions, suggestions, or constructive criticism in your comments!

Sean R. Nicholson

Each day, it seems that more and more folks are dipping their toes into the world of Social Networking by creating Facebook, Twitter, Blogger, and LinkedIn accounts. And each day, we’re entertained with stories of folks who get “Facebook fired”, shoot off an improper Tweet that lands them in hot water, or  and share confidential information on their personal blog. Recently, Helen A.S. Popkin wrote an excellent article for MSNBC.com called “Twitter gets you fired in 140 characters or less” which details some of the follies of folks who have overstepped the boundaries from responsible social networking into, well…just TMI.

Unfortunately, these types of activities are fodder for the cannons of reactionary corporate zealots who use these follies as examples of why companies can never allow employees to blog, tweet, or otherwise engage in social networking on company time or about any company activities. In fear of expensive litigation, disciplining employees,  or losing valuable corporate information they would rather conjure up hard line policies stating that no employee may engage in these activities using corporate resources during work hours. As if these policies are actually going to stop employees from updating Facebook or slipping in a periodic tweet from their Blackberry.

Flashback To The 90s…When The World Wide Web Was The Target Of Corporate Policies

I remember a time in the late 90s when I was working for a major Telecom company that required VP approval to have access to the Web at any PC. The company was so worried about employees wasting time surfing the Web that they turned a blind eye to the fact that it could be used as a powerful research tool.  In addition, the corporate policy on computer usage clearly stated that those found in violation of the Internet policies (meaning using it without VP approval) could be subject to discipline and/or terminated. Fired…for surfing the Web.

Unfortunately, those of us that were around during these times also remember why these draconian policies were in place. Come on…you remember the dolt in the cube next to you who just couldn’t resist sharing that latest chain email (remember the Nieman Marcus Cookie?) or  risque photos (a polite term for porn) using the “Reply to All” button. These folks were the reasons that the rest of us were under house arrest when it came to Internet access. They surfaced the dark side of the Web, driving the need for restrictive policies.

Luckily companies have evolved and removed or relaxed these types of restrictions and often encourage their employees to use the Web as a powerful research tool. Some have even moved some their primary business applications to “Software As A Service” (SaaS) applications like SalesForce.com. So instead of playing “duck and cover” and shielding their employees from the dangers of the Web, they’re realizing that, while minor infractions to corporate policies my occur, the benefits of using the Web as a tool far outweigh the risks.

Fast Forward To 2009, As Companies Wrestle With Social Networking Policies

So how do companies deal with social networking without repeating history and sticking their heads in the proverbial sand? The first step is to recognize that these activities are not going to go away. They’re not a fad, and they can be just as useful business tools and the Web has become.  To ignore these tools or discourage employees from using them would be just as narrow minded as pulling the Ethernet cables from the backs of their computers ala the 90s.

Employee Collaboration Fuels New Opportunity

The second step is to understand the tools. All too often I hear folks who say things like “Twitter…I just don’t get it.” Yet these very folks have either never created a Twitter account or have never spent time researching the whys and hows of Twitter and how it has worked for others. Instead, they scratch their head and shake their fist at a new, strange technology. By learning about the successes of others, we can all identify new uses within our workplaces for new technology. Feel like you’re out of touch, get yourself a Social Media mentor, as suggested in the ChristyWeb.com article “Do you have a social media mentor?”

The third step in embracing social networking tools is to guide your employees on their usage. Note that I didn’t say “Discourage Their Use” or “Mandate against their usage” or even “Tell them how to use them”. I very clearly said “guide your employees”. Let them know that their knowledge is valuable and that they are encouraged to share their thoughts and views, as long as it doesn’t violate the existing privacy policies, NDA agreements, or Intellectual Property agreements that are in place.  Remind them that sharing information on the Web in any form can be perilous and that they should consider whether they would want their boss, spouse, or mother reading or seeing their online exploits. Often, a simple reminder of good judgment can have as powerful of an effect as a harsh corporate policy.  Yes, you are going to have the dopes who just can’t seem to keep their “inside voice” from leaking out to tweets and Facebook updates and you’ll even have the odd photo or video that stirs up an HR hornets nest, but the reality is…those same individuals would probably be in HR jail even if Facebook never existed.

The other 98% of your employees will explore the technologies and some will find useful ways to grow your organization. Maybe they’ll find ways to enhance collaboration, present themselves to others as a leader in their field, or maybe even find new products or customers. The reality is, they will find new uses and opportunities when given the chance.

What’s the alternative? Write a complex policy banning them from social media activities that is both unrealistic and unproductive.And what fun is that??

For the record, I am blessed to work for a company that has chosen to embrace Web 2.0 and encourages their employees to find new, innovative ways to blog, tweet, and explore the value of emerging technologies. The result is engaged employees who think about new technologies and think twice before they hit the ‘Submit’ button.

Have thoughts or comments? I always appreciate feedback and constructive criticism through comments.