Op-Ed: Remote work is a cyber vulnerability, but it doesn’t have to be

Having staff work from home can be a great morale boost, reduce business expenses and can even boost productivity for many. Unfortunately, the security measures that staff have at home may not match those in the office.

While your business’s budget may cover a range of tools to ensure high security at work, this is not necessarily the same at home.

Threat actors are using the same strategies, email compromise, phishing and data exfiltration, and exploit the vulnerabilities of the tools used at home, which could see them redirected to fraudulent websites, or grant hackers access to business networks.

Web activity and more can be monitored on an office network, and devices and tools can be screened before investment to ensure that security is high. The same cannot be done for every device that an at-home worker may use.

What can be done?

The Australian Signals Directorate said there are a number of things at-home workers can do to ensure prime security, including securing accounts by using strong passwords or passphrases and enabling multifactor authentication, an option businesses should have on their systems.

VIEW ALL

Devices themselves should be secure. A threat actor that gains access to a staffer’s personal computer now has access not only to their data but also to potential business data and the network. Devices should be secured, files should be transferred using secure platforms, and security software should be kept up to date.

Users should also have separate work user accounts, back up their data, use secure systems, use VPNs and other security tools and avoid public Wi-Fi.

Most importantly, however, businesses should ensure staff are educated on how to spot and report a scam to ensure the hackers never get a foothold. This means, for example, teaching workers how to identify phishing, what to do if they do spot a phishing attempt, and how they can secure their devices and data.