COVID-19 and working from home securely: What you need to know

March 18 2020, by Macquarie Technology Group | Category: Government

COVID-19 and working from home securely: What you need to know

The continued spread of the coronavirus has changed life as we know it. We are seeing more organisations elect to have their staff working remotely to reduce the impact on staff health, business operations and to slow the spread of the virus in Australia.

While this is an effective bio-security mitigation strategy, working from home will increase cyber-security risks.

How do organisations and their homebound staff reduce this risk? This article provides guidance on what staff and organisations need to consider to securely work from home.

For staff working from home:

  • Never connect over a public network (e.g. libraries, Wi-Fi hotspots). Connect only to your home network or tether through a work mobile device. This will reduce the risk of communications being intercepted.
  • Minimise personal use of social media and web browsing on work laptops and devices while working remotely. There may be an increased cyber-security risk with these activities while at home.
  • Do not allow family members to use work laptops or devices. This will reduce the risks from social media use, installation of third-party apps, and inadvertent browsing to malicious sites.
  • Where possible, use agency provided cloud storage for all data. This will reduce the risk of data loss if a work laptop or mobile device is lost or stolen.
  • Do not transfer work files to any personal devices; do not use USB storage devices.
  • Just like USB storage, avoid using any home printing or scanning devices. These can store copies of the documents printed on an unsecured hard drive.
  • Remote workers will be targeted by phishing campaigns. In particular, do not respond with haste to any “urgent” email requests. Confirm via non-email communication with the requester before taking any actions. Phishing campaigns will use urgency to take advantage of a remote worker’s lack of access to their greater team.

What organisations need to know:

Before any organisation allows users to work remotely, the following infrastructure should be in place to minimise cyber-security risks to the agency:

  • All access to agency networks/systems should be over Virtual Private Networks.
  • Remote staff will be a target. Prepare your staff by educating them on identifying and avoiding phishing attempts.
  • Where possible, use secure cloud storage for all data. This will reduce the risk of data loss if a work laptop or mobile device is lost or stolen.
  • All remote user access should require multi-factor authentication.
  • All user devices should have Endpoint Detection Respond software installed.
  • All remote devices should have firewall software enabled (e.g. Windows Defender Firewall).

Regardless of the organisation, remote staff and their additional devices will increase the strain on their IT infrastructure. Here at Macquarie Government, we can assist you with the right solutions including:

  • Secure file transfer and collaboration (to allow for classified documents to be safely shared)
  • Two-factor authentication (to help authenticate additional devices connecting to the network)
  • VPN
  • Internet bandwidth upgrades

If you require assistance please call 1800 004 943, option 4 for more information.

From the Blog

Essential Eight and Legacy Systems

In the many discussions I’ve had with our agency customers around their efforts to implement Essential Eight security, the most common obs...

Read More

Sovereign Cloud and AI: Where do I want ...

In 2006, Clive Humbly coined the term, “Data is the new oil.” Today, data and the significance of where and how it is stored, processed,...

Read More

Safeguarding Against Cyber Supply Chain ...

The recent cyber-attack on XZ Utils, a popular software used for file compression, underscores the escalating threat landscape targeting sof...

Read More