Cyber security when working from home: A basic guide for business owners

Estimated reading time
 5 min

Key points

• Working from home increases cyber risk because business devices operate outside protected office networks.
  
  
• Cybercriminals often target employees rather than systems.
  
  
• Simple cyber hygiene practices can help reduce risk.
  
  
• Staff awareness is one of the most effective defences.

Hybrid and flexible working arrangements are now standard practice for many Australian businesses, and it’s easy to see why.

While working from home offers benefits such as reduced overheads, access to a wider talent pool and improved employee flexibility, it can also increase your exposure to cyber risks if not managed carefully.

This article outlines practical tips to help your employees stay safe online when working from home.

Why cyber security matters when staff work from home

When employees work remotely, your business information is no longer protected solely by office based networks, firewalls and monitoring tools. Instead, work takes place across multiple locations, devices and home networks, which can increase cyber risk.

Common risks include:

• Home Wi Fi networks that may be less secure than office systems
• Devices used outside the workplace being more vulnerable to loss, theft or shared access
• Cybercriminals targeting remote workers with urgent or deceptive scam messages
  

A cyber incident affecting remote staff can lead to:

• Loss of customer or business data
• Disruption to operations or downtime
• Reputational damage and loss of trust
• Financial loss from scams or recovery costs

Taking simple steps to secure remote work can help reduce these risks and better protect your business.

Working from home cyber security checklist for businesses

This checklist outlines common cyber security practices to help protect employees, devices and business information when staff work from home.

Devices and systems

• Provide or approve devices used for work
• Ensure work devices have security software installed and kept up to date
• Enable automatic system and software updates
• Require strong, unique passwords or passphrases for business systems
• Turn on multi factor authentication (MFA) wherever available

Data protection

• Set up regular backups of business data and test the backups
• Limit access to sensitive information to only those who need it
• Define where business information can and cannot be stored

Staff awareness

• Train employees to recognise phishing emails and scams
• Encourage staff to pause before sharing information or acting on a request
• Reinforce that urgent or unusual requests should always be verified using a trusted contact number
• Create a culture where employees feel comfortable reporting concerns

Incident basics

• Make it clear how staff should report suspicious activity
• Define who employees should contact if something seems wrong
• Ensure lost, stolen or compromised devices are reported immediately

If you think a work device has been compromised 

• Report the issue internally to your IT team or the appropriate contact in your business.
• Disconnect the device from the internet and stop using it until it has been checked.
• Change passwords for any affected accounts.
• If needed, seek technical support to help assess or restore the device.
• Install the latest updates on devices once the issue has been resolved.

Where to report fraud and scams

• If you suspect fraud on your account, or if financial information has been shared or money transferred as a result of a scam, contact your bank immediately. If you bank with ANZ, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
• Block or cancel any affected cards if card details were exposed. If your cards are with ANZ, you can temporarily block or report a lost or stolen card through the ANZ app or by calling us.
• Contact the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) hotline, 24 hours a day, seven days a week on 1300 CYBER1 (or 1300 292 371).
• Report the scam to the ASD’s ACSC ReportCyber portal if money or personal information has been lost.
• Help others by reporting to Scamwatch to help them prevent future losses, monitor trends and educate the population about emerging threats.
• You can also contact IDCare, a not-for-profit organisation providing support to those experiencing identity and cyber security concerns.