Working from home securely

Estimated reading time
 5 min

Key points

• Working from home has become the new normal for a lot of Australians, and while it has many benefits, it also comes with cybersecurity risks that you need to be aware of.
  
  
• Getting hacked while working from home can have significant repercussions for your workplace, such as financial or data loss.
  
  
• Staying safe when working from home online comes down to mastering the cybersecurity basics to help keep you and your work safe.

Working from home has become the norm for many working Australians. Around 66% of Australians work from home full-time, Monday to Friday, while 36% do so regularly, such as two to three days a week.¹

Undeniably, working from home has some great benefits, like not having to commute, replying to emails in your pyjamas, and treating yourself to a sound sleep. However, one of the downsides of working from home is the cyber security risks that can allow hackers to slip through the cracks and compromise your work devices and accounts.

“There are so many ways a hacker can get into an organisation or business simply by targeting individuals who work from home,” explains David Mulligan, ANZ Offensive Security Lead. “And it can be really easy to get into a work device or account if it’s not well-protected.”

Knowing how to work from home as safely as possible empowers you to take the necessary steps to make life harder for cybercriminals before they can strike – and we’re going to show you how.

Why is being cyber-smart important for remote working?

In 2023, businesses reported a loss of $29.5 million due to scams, highlighting the need for workers to be more aware of how to be safer online when working from home.²

Cybercriminals tend to gain access to these work devices through human error.³ For example, you might click on a link thinking it’s from a supplier or the IT department you work with, only to have a scammer install malicious software and steal valuable data.

In addition, cybercriminals can use non-work devices, such as smart TVs or other connected devices with limited security, that are connected to your home network to find a backdoor into your work devices. They might infect your home network with malware or a virus, which can spread to personal devices and then to your work ones. Or your personal device might be infected, which then spreads to your network and then to your work devices.

“Sometimes it’s not even the employee’s device that becomes compromised,” David explains. “It’s the smart TV or home entertainment system that hackers might target, which can then infect and hack a company to steal money, data, or both.”

12 basic cyber safety tips for working from home 

“Home network security really does come down to the basics,” explains David. “The simple things like setting up multi-factor authentication (MFA), using strong passwords and passphrases all play a role in keeping your devices and networks safer when you work from home.”

Here are twelve tips to help you work from home safely:

1. Make a strong, unique password or choose a passphrase. “One of the biggest security threats are weak passwords,” David says. “People and businesses are still choosing weak passwords for their accounts and devices, which makes hacking them a breeze for scammers. You can use a phrase from your favourite book, poem or film – the longer and more unique it is, the harder the hacker has to work to break into your account. And don’t use the same password for everything. If you struggle to remember your passwords, then use a password manager to keep track of them all.”
   
   
2. Secure your home network – both your hardline and your Wi-Fi. “A lot of people who work from home don’t secure their home Wi-Fi and use the default password that’s provided to them – this is an easy password for a lot of hackers to crack. It’s important that you change your Wi-Fi password to a strong, unique password or passphrase, and ensure you’ve got auto-updates activated on your modem.”
   
   
3. “Update all your systems and devices – even the ones you don’t use for work,” David says. “If everything is up to date, the hacker will have fewer opportunities to try and break into the devices on your home network.”
   
   
4. Turn on multi-factor authentication (MFA) for all your devices and accounts. “Not having MFA can become a huge weakness,” David shares. “If a cybercriminal can get through a weak password, and you don’t have MFA turned on, it’s basically game over for your data or money.”
   
   
5. Be aware of the different types of scams that can impact your devices and accounts.
   
   
6. Don’t use public Wi-Fi if you’re working off a company device in public places like a café or airport. If you really need to use Wi-Fi on a work device when you’re out and about, consider hot spotting off your phone.
   
   
7. Pause before you click on links or download attachments that come unexpectedly. Take the time to verify that it’s from a legitimate email or phone number that you and your workplace regularly engage with.
   
   
8. Set up a virtual private network (VPN) for your home. A VPN is a secure and encrypted network over the internet that you can use to work from home online safely. This private network hides and scrambles your internet activity and can make it difficult for cybercriminals to access the data on your work devices.
   
   
9. Secure your devices when not in use. Don’t leave your device unattended and lock your computer when it’s not in use, even if it's only for a short period of time, such as going for a lunchtime walk.
   
   
10. Don’t click on links or download attachments from unknown email senders.
    
    
11. Dispose of any physical documents with sensitive information securely. Don’t just throw it in the trash or recycling bin. Shred any physical documents that you don’t need, especially if they contain confidential and sensitive information about customers, employees or the organisation, such as their name and address.
    
    
12. Stay up to date on the latest scam alerts so that you can be prepared just in case a scammer contacts you for a request.

What can you do if your work devices are compromised?

• Disconnect the device from your network and turn it off at the power.
  
  
• Log out of all your workplace accounts – and log out of your personal accounts too if you think they’re compromised. Reset or change the passwords on these accounts, and active MFA if you haven’t already.
  
  
• Report the situation to your IT department or the appropriate team member straight away.
  
  
• If you’ve shared your personal or workplace’s financial information or transferred money, contact your bank or finance department immediately. If you’re an ANZ customer, contact us immediately to report the fraud.
  
  
• If you shared your personal or business’ credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us.
  
  
• Change all your personal and professional passwords immediately.
  
  
• Install the latest updates for your devices and modem to strengthen any weaknesses in your work from home set up.
  
  
• If you have access to your workplace’s bank account, closely monitor credit and financial accounts for any fraudulent transactions.

Who can you contact if you’ve been scammed?

• Contact the Australian Cyber Security hotline, 24 hours a day, seven days a week on 1300 CYBER1 (or 1300 292 371).
  
  
• Help others by reporting to Scamwatch or to the Australian Signals Directorate’s Australian Cyber Security Centre’s ReportCyber.
  
  
• Contact your bank immediately if you shared personal or financial information.
  
  
• If you’re an ANZ customer, you can report fraud or suspicious activity in multiple ways, such as through the ANZ app or by calling us