Victorian state crest

Restrictions are in place to help slow the spread of coronavirus (COVID-19) and save lives. For more information visit the Department of Health and Human Services (DHHS) website.

Close

6 cyber security tips for remote working

Working from home is arguably one of the largest cultural shifts as a result of coronavirus. Just about anyone who can run their business from home, is working from home, and has found themselves having to quickly adjust the way they work.

Many Australian business owners are dedicating much of their time and effort to finding the right balance between adapting to the current climate while maintaining their productivity. This is putting additional strain on many business owners during this already difficult period.

Many Victorians are showing solidarity by abiding by safety measures, social distancing, and remote working, but unfortunately, there are some who view this period as a chance to exploit and steal from the vulnerable.

The Australian Cyber Security Centre (ACSC) and other government bodies have warned about a surge in online risks and vulnerabilities introduced by coronavirus.

Fake email and SMS campaigns, fraud attempts, and coronavirus themed scams have all been launched quickly by attackers and Victorian businesses need to practice vigilance and understand the current landscape in order to protect themselves.

When you left the office and migrated to your home, you took your business with you. Not just the pens, pencils and coffee mugs, but your company data, login details, and work systems as well.

What steps do you need to follow to ensure your home is a safe place to do business? Here are six tips to strengthen your remote working security and keep your data safe.

1. Set up a VPN at home

One of the most technical, but also the most important is setting up a Virtual Private Network or VPN.

Simply put, a VPN works as a secure “tunnel” between your home and your workplace. While working from home, you and your colleagues are sending sensitive data and business documents across potentially unguarded connections, meaning it’s more likely that someone could intercept or eavesdrop on your data.

When you’re working from home, you’re also working on a different internet connection or network than you would at work. While your home network is likely safe for standard internet usage, it’s rare that a home would have the same level of security as a workplace. This is why using a VPN connection is essential.

A VPN puts your computer or work device back onto the business network to ensure you’re working from a safer connection. If you’re unsure of how to use a VPN, we recommend contacting an I.T. professional to help set one up for both you and your staff/team.

2. Keep work separate from social media

Working from different locations can make it easy to lose track of our usual messaging platforms like Slack or Workplace. Staff or colleagues may be tempted to opt for social media messaging due to ease-of-use, but this exposes your business operations and private data to a high risk of compromise.

Personal social media accounts are usually easier to hack into than corporate ones. In the event your personal Facebook, WhatsApp, or other social media is hacked, you don’t want to deal with both identity theft and a workplace data breach at the same time. Stick to dedicated work platforms and avoid using personal social accounts for work, even if it’s urgent.

3. Set boundaries on who can use your work device

If you have a family or a co-living arrangement at home, you might be used to sharing a computer. But, when the old home computer suddenly becomes the main workstation for your business, some new rules need to apply.

The sensitive, confidential business data you access is now open to your entire household meaning there is a degree of risk involved every time someone uses the home computer.

Other users can accidentally install a virus or lose their login information to scams, and if this happens on a device you’re using for business, your data is suddenly at risk.

A good rule-of-thumb to live by is “Would I let this happen on my office computer?” If the answer is no, then set boundaries on who can use the computer, and what they’re allowed to do.

If possible, it’s best to use a separate device entirely for all business activities. Not only does this help you avoid the risk of using the home computer, but it also helps in setting a defined work/life balance.

4. Update your apps

In 2019, 60% of breaches involved outdated apps and software. It’s very common delay an app update instead of updating straight away and, while this might be tempting at the time, it’s riskier than you think.

App updates exist to patch up vulnerabilities and keep you safe. By putting off an app update, you’re might be leaving an open exploitable security flaw in the app for hackers.

Moving forward, make sure to remove apps you don’t use anymore update your apps and operating system when notified. If you struggle to find space to do this in your working day, set aside a little bit of dedicated time at the end of your business day, it will make all the difference.

5. Use two-factor authentication

Two-factor login has become the new safety standard for any secure business and is simply an extra layer of security on top of your passwords.

For example, when you receive an SMS code to confirm a Facebook login or online bank transaction, that’s two-factor in play and it can be turned on for most logins.

The benefit of two-factor authentication is that if your password is compromised while working from home, you’ll always have a second verification step via your phone or an app to fall back on. In most cases, this small step is enough to prevent a breach.

You can find two-factor setup tips from the ACSC here.

6. Keep an eye out for scams, especially during coronavirus

Victorian businesses face scam attempts every day, and since coronavirus, scammers have only increased their efforts.

Scams are designed to play on insecurities or concerns in order to steal your data. Now coronavirus is such a prevalent concern for business owners, cybercriminals are tailoring their scams directly to the pandemic.

Within only a few weeks of restrictions imposed to slow the spread of coronavirus, scammers had already started sending fraudulent SMS and email notifications, such as the below, claiming to contain legitimate health resources.

(Image courtesy of the Australian Computer Society)

During this time, whether or not you are working remotely, we can all expect to see a huge increase in scam emails using coronavirus as the basis for false narratives.

While these emails are designed to be deceptive, there are usually some red flags that will give them away immediately. Here are some of the tell-tale signs to keep an eye out for:

  • Bad grammar and typos
  • Suspicious or immediate call-to-action
  • Requests for card details or private information
  • Unfamiliar or suspicious links
  • Mismatched email addresses/phone numbers from the company’s usual details

These are unprecedented times that have presented new challenges for most businesses.

By taking these six important steps, not only will you be strengthening your remote working security and keeping your data safe, but you’ll also be protecting the business that you have worked so hard to build.

Jonathan Horne

CEO | Cyber Aware

Jonathan Horne has been building, running and selling online businesses since he walked out of the school gate. Over the last 15 years he has built some of Australia’s most trusted brands, servicing both small local businesses as well as some of the most well-known brands in the world. After witnessing a multi-million dollar competitor go out of business due to a cyber incident, Jonathan focused and researched heavily on improving his own businesses' cybersecurity. Through this experience grew CyberAware.com, an awareness training platform that removes the technical jargon from cybersecurity, and works to make cybersecurity easy for businesses of all sizes.