Connecting to the Inetum intranet from home does not involve the same layers of security as a connection from the company’s premises. The workstation is outside the protected network perimeter, the traffic passes through a home connection, and the authentication mechanisms must compensate for the lack of physical control. What technical parameters really separate a secure remote access from a poorly configured VPN connection?
Regulatory Compliance and Remote Access at Inetum: ISO 27001 and GDPR in Practice
Most guides on intranet security for remote work list generic advice (strong password, up-to-date antivirus) without ever linking these practices to a specific regulatory framework. At Inetum, the remote access policy aligns with the ISO 27001 standard and the requirements of the GDPR for data processed on behalf of European clients.
Recommended read : How to Securely Log into Your Book and Pay Account: A Practical Guide
In practical terms, this translates into limited privileged access based on user profile and enhanced traceability of each connection to the intranet. A remote worker does not have the same rights as an on-site system administrator. Sessions are logged, and any abnormal access attempt triggers an alert.
To better understand the complete connection process, you can access the Inetum intranet on Ô Business where each step is detailed.
Recommended read : The complete guide to burning calories while walking: find out how many calories you can lose by walking 10 km!
This approach goes beyond simple individual advice. It integrates remote access management into a broader compliance logic, where connecting to the internal portal (project management, tickets, leave, internal elections) follows the same rules as access to client systems.
Inetum Multi-Factor Authentication: What MFA Changes for Remote Work
Since 2023, Inetum has been rolling out multi-factor authentication (MFA) for remote access to its internal systems. This deployment is part of a program to strengthen access security and combat account compromise.
MFA adds a layer of verification beyond the password. In practice, after entering their credentials on the intranet portal, the employee receives a notification on an authentication app or a temporary code. Without this validation, access is blocked, even if the password is correct.
| Authentication Method | Protection Level | User Constraint |
|---|---|---|
| Password only | Low (vulnerable to phishing and credential stuffing) | No additional constraint |
| MFA via app (TOTP) | High (resists password theft) | App installation, validation at each connection |
| MFA via physical key (FIDO2) | Very high (resists targeted phishing) | Possession of a dedicated hardware device |
The difference between these methods is not trivial. A password alone, even complex, remains exposed to phishing campaigns. MFA via app neutralizes the majority of these attacks. The physical key, on the other hand, also protects against targeted phishing (spear phishing), but requires having the hardware.
MFA via app represents the most common compromise for everyday use in remote work. It only slows down the connection by a few seconds while drastically reducing the risk of compromise.
Company VPN and Inetum Intranet: Configuration and Common Pitfalls
Accessing the intranet while working remotely generally involves a company VPN that creates an encrypted tunnel between the employee’s workstation and the internal network. This secure connection allows access to the portal’s functionalities (project management, IT tickets, leave consultation, internal rights) as if the workstation were physically in the premises.
Several configuration errors frequently occur:
- Using a personal or free VPN instead of the VPN client provided by the IT department. These consumer tools do not route traffic to Inetum’s internal network and offer no confidentiality guarantees suitable for professional use.
- Neglecting updates to the VPN client, which exposes the connection to vulnerabilities fixed in recent versions. Security policies aligned with ISO 27001 require regular renewal of these components.
- Connecting from a public Wi-Fi network (coworking, hotel, train station) without checking that the VPN is active before opening the browser. Any connection to the intranet without an active VPN exposes credentials in clear text on the local network.
- Storing sensitive documents locally on the personal workstation instead of working directly on shared intranet spaces. Several business continuity guides explicitly prohibit this practice.
Check the Status of Your VPN Connection Before Each Session
A simple reflex is to check the VPN client icon in the taskbar before opening the intranet portal. If the tunnel is not established, the connection attempt will fail or, in the worst case, will go through an unsecured path. Some company configurations automatically block access to the portal in the absence of an active VPN, but this protection is not universal.
Remote Work and Business Continuity Plan: The Intranet as a Crisis Management Tool
A rarely addressed angle in security guides concerns the integration of remote work into the business continuity plan (BCP). Some French public organizations now impose specific procedures for remote intranet access as part of their BCP: mandatory use of the company VPN, regular password renewal, prohibition of local storage of sensitive documents.
For a digital services company like Inetum, whose employees work on various client projects, the ability to maintain secure access to the intranet in a degraded situation (local network outage, security incident, health crisis) directly conditions the continuity of operations. The intranet centralizes ticket management, project tracking, internal elections, and administrative functionalities (leave, rights).
A BCP that does not integrate the security of remote access remains incomplete. The quality of the connection, the robustness of authentication, and the traceability of sessions form an inseparable whole.
The last point to keep in mind: the security of an intranet connection while working remotely relies on the interplay between three technical layers (VPN, MFA, privilege management) and not on just one. Removing any of these layers weakens the whole, regardless of the quality level of the other two.