Cyber security when working from home

Estimated reading time
 5 min

Key points

• Hybrid and flexible working arrangements have become the norm for many Australian businesses, but it comes with an increased risk of cyber threats. Training your staff and implementing cyber security practices can help improve your business’ defences.
  
  
• Installing security software, such as Norton and McAfee, to protect your devices and data from cybercriminals, backing up your data and files regularly, and developing cyber safety policies are some of the quick wins for boosting business cyber safety.
  
  
• You and your staff will need to act quickly if a business device is compromised – disconnect the device from the network, delete all files and perform a factory reset if you have a safe backup.

Flexible working arrangements have become standard practice for many Australian businesses, and it’s easy to see why.

Companies can reap the rewards of this, which often include reduced overheads, access to a larger talent pool, increased productivity, and much more.

However, hybrid or fully remote work can increase your business’ risk of cyber threats. This is because the targets (your employees) are spread out across many locations rather than being together at the office. Another reason there’s an increased risk could be a lack of cyber hygiene, which is how you maintain the health and security of your devices and networks.¹

In 2023, Australian businesses lost around $29.5 million to scams.² With that in mind, it’s clear that organisations need to ensure staff are well-equipped to protect themselves – and the business – from potential scams and cyber threats, whether at home or in the office. That’s why we’ll give you some tips on keeping your employees safe online while working from home.

Why is being cyber-smart important for remote working? 

Email is one of the most common methods businesses use to communicate with their customers, vendors, and employees.³ However, email is also one of the most popular ways a scammer can contact you.⁴

Cybercriminals are becoming more sophisticated at impersonating businesses and people via email. Given the volume of emails we all receive, it can be easy for an employee with an untrained eye to fall for a scam or deceptive message from a cybercriminal.

For example, a cybercriminal might email an employee pretending to be your IT company. In the email, they might ask the employee to click a link and download the latest update for their device. If the employee is unaware of how to spot a scam, they might click on the link and unintentionally install malicious software that steals valuable customer data.

Another reason cyber security is important for remote and hybrid working is that cybercriminals can infect personal devices through Wi-Fi networks, finding their way in through smart TVs or mobile phones before spreading to work devices. For example, a cybercriminal might infect your smart home device with a malware worm, which is a type of malicious software that can make a copy of itself and spread to other systems and networks. This malware worm can then infect a business device on the same network as soon as you connect to your home Wi-Fi.

How to help keep your staff safe online when they work from home  

• Invest in security software on all business devices, and make sure you run regular scans to identify anything malicious that might be on the device. Do your research and check that the software meets your security needs and budget.
  
  
• Ensure all staff use strong passwords or passphrases for their accounts and devices. While it’s easy to remember passwords like ‘password1’ or ‘12345’, using them makes it even easier for hackers to get into your business system and compromise it for their own gain.
  
  
• Develop cyber safety policies and procedures to ensure all employees are on the same page about being safe online when working – either at home or in the office. This can include explaining what they can do if they’ve spotted something suspicious or need to respond to a scam or cyber threat.
  
  
• Control access to your business network by investing in a virtual private network (VPN). A VPN is a secure network between your business’ server and other devices. It works by encrypting data that’s sent across the internet. A VPN scrambles sensitive information, such as your IP address and browser history, which makes it harder for cybercriminals to track your online footprint.
  
  
• Use multi- factor authentication (MFA) for all accounts to add extra steps to verify your and your employees’ identities. MFA can give you more peace of mind that multiple layers of security exist between your important business accounts and cybercriminals.
  
  
• Turn on automatic software updates on all work devices to ensure you and your staff get the latest security updates as they become available.
  
  
• Back up your business’ data and files frequently. Suppose someone in your business unknowingly installs software that deletes files or corrupts a device. In that case, they can delete and reset all files on the infected device, knowing they have the backup readily available.
  
  
• Educate your employees on cyber safety basics. One of the biggest reasons cyber breaches tend to happen in workplaces is because of human error.⁵ Addressing this through cyber safety education can help your employees feel confident they can combat cyber threats.

What can you do if your work devices are compromised? 

• Contact your bank immediately if you have shared your personal or workplace financial information or transferred money. If you’re an ANZ business customer, contact us immediately.
  
  
• If you shared your personal or business credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us.
  
  
• Report the situation to your IT department or the appropriate team member immediately.
  
  
• Change all your personal and professional passwords immediately.
  
  
• Disconnect the device from the network and shut it down to prevent viruses from spreading to other devices.
  
  
• If you have a backup of your files, delete all the files on your device and do a factory reset. Run a security scan to check for any lingering viruses or malicious software on the device. If there isn’t, download the relevant files from your backup.
  
  However, if the scan flags that there’s still a virus on your device, contact your IT department or contact a cyber security specialist.
  
  
• Install the latest updates for your devices and modem to strengthen any weaknesses in your work-from-home system.

Who can you contact if you’ve been scammed?

• Contact the Australian Cyber Security hotline, 24 hours a day, seven days a week on 1300 CYBER1 (or 1300 292 371).
  
  
• Help others by reporting to Scamwatch or to the Australian Signals Directorate’s Australian Cyber Security Centre’s ReportCyber.
  
  
• You can also contact IDCare, a not-for-profit organisation providing support to those experiencing identity and cyber security concerns.
  
  
• Contact your bank immediately if you have shared personal or financial information.
  
  
• If you’re an ANZ customer, you can report fraud or suspicious activity in multiple ways, such as through the ANZ app or by calling us