COVID-19 and working from home securely: What you need to know

The continued spread of the coronavirus has changed life as we know it. We are seeing more organisations elect to have their staff working remotely to reduce the impact on staff health, business operations and to slow the spread of the virus in Australia.

While this is an effective bio-security mitigation strategy, working from home will increase cyber-security risks.

How do organisations and their homebound staff reduce this risk? This article provides guidance on what staff and organisations need to consider to securely work from home.

For staff working from home:

• Never connect over a public network (e.g. libraries, Wi-Fi hotspots). Connect only to your home network or tether through a work mobile device. This will reduce the risk of communications being intercepted.
• Minimise personal use of social media and web browsing on work laptops and devices while working remotely. There may be an increased cyber-security risk with these activities while at home.
• Do not allow family members to use work laptops or devices. This will reduce the risks from social media use, installation of third-party apps, and inadvertent browsing to malicious sites.
• Where possible, use agency provided cloud storage for all data. This will reduce the risk of data loss if a work laptop or mobile device is lost or stolen.
• Do not transfer work files to any personal devices; do not use USB storage devices.
• Just like USB storage, avoid using any home printing or scanning devices. These can store copies of the documents printed on an unsecured hard drive.
• Remote workers will be targeted by phishing campaigns. In particular, do not respond with haste to any “urgent” email requests. Confirm via non-email communication with the requester before taking any actions. Phishing campaigns will use urgency to take advantage of a remote worker’s lack of access to their greater team.

What organisations need to know:

Before any organisation allows users to work remotely, the following infrastructure should be in place to minimise cyber-security risks to the agency:

• All access to agency networks/systems should be over Virtual Private Networks.
• Remote staff will be a target. Prepare your staff by educating them on identifying and avoiding phishing attempts.
• Where possible, use secure cloud storage for all data. This will reduce the risk of data loss if a work laptop or mobile device is lost or stolen.
• All remote user access should require multi-factor authentication.
• All user devices should have Endpoint Detection Respond software installed.
• All remote devices should have firewall software enabled (e.g. Windows Defender Firewall).

Regardless of the organisation, remote staff and their additional devices will increase the strain on their IT infrastructure. Here at Macquarie Government, we can assist you with the right solutions including:

• Secure file transfer and collaboration (to allow for classified documents to be safely shared)
• Two-factor authentication (to help authenticate additional devices connecting to the network)
• VPN
• Internet bandwidth upgrades

If you require assistance please call 1800 004 943, option 4 for more information.