RSS icon

Top Stories

MCI's Intranet Security System Uses PINs

September 1, 1998
Related Topics: HR Services and Administration, Intranets/Extranets, Featured Article
When it comes to advanced intranet security, few companies can match MCI Corp. The Washington, D.C.-based long distance telephone provider has developed a showcase system that allows it to manage transactions for upward of 30,000 employees a month-nearly 60 percent of all MCI workers. "The success of any intranet depends a great deal on the confidence people have in it. If you build in the appropriate safeguards, people will use it," explains Giuseppe Cimmino, manager of The Source Online, MCI's intranet.

Judging by the content and popularity of The Source Online, MCI employees seem sure in the belief that their transactions are secure. MCI offers more than 1,400 pages of interactive HR content, including the ability to exercise stock options, manage a 401(k) account, fill out an electronic W-4 form, and view an electronic pay stub up to seven days before payday. Employees can also up-date their own records and enroll in direct deposit electronically.

All of this is possible using a personal identification number (PIN)-the same one employees have relied on for years to access an interactive voice-response (IVR) system-that provides the appropriate level of access to data. "A single user sign-on that works across multiple platforms provides the power, flexibility and protection to create an effective, secure system," says Cimmino. Func-tioning across differing operating systems and Web browsers, the PIN-based system also lets MCI add digital certificates and more advanced features as they are needed.

However, MCI doesn't rely only on strict log-on controls. Employees automatically receive secure Web pages after they've logged onto the system. Once they click past a page on their browser, it immediately expires. That makes it impossible for an intruder to view the data by clicking the "back" button on the browser and accessing cache files. If an employee steps away from a PC while viewing secure documents, the system automatically logs the individual out after five minutes of inactivity.

Finally, the company tries to install a sense of personal responsibility in using the system. "Even the best technology and systems are vulnerable to human lapses," says Cimmino. "Employees have to take personal responsibility. They have to understand procedures and policies and follow them."

Workforce, September 1998, Vol. 77, No. 9, p. 81.

Recent Articles by Samuel Greengard

Comments powered by Disqus

Hr Jobs

View All Job Listings