Skip Ribbon Commands
Skip to main content
Home CCI > Risksupport > ​Managing cyber risk as you work from home
Managing cyber risk as you work from home


A cyber attack can be just a click away. Organisations have become more vulnerable to security threats since the coronavirus (COVID-19) pandemic. As more people work from home (WFH) organisations are facing additional cyber security challenges.

With increasing public fear and anxiety over the coronavirus (COVID-19) disease, people are more likely to click on a phishing email if it looks official or like it relates to information about COVID-19. Government agencies have reported targeted scams with COVID-19 messages and hacking attempts on critical services including healthcare and social services websites. Step up security measures as soon as possible if your employees are working remotely.

Increase security awareness among staff

Organisations and their employees need to have heightened security awareness if operating outside of the normal work environment. Cyber criminals will take advantage of the COVID-19 experience as an opportunity to catch organisations off-guard.

Encourage your team to reduce risks while working at home

Helping employees understand work from home protocols and their role as the first line of defence is important. Understanding risks around cyber-attacks and data breaches and how to mitigate them requires review and reinforcement.

Put cyber safe work into action

Organisations have less control over cyber security when staff are working from home, because systems are more vulnerable when people work remotely. Be aware of your system's limitations. Devices normally managed by an organisation and then taken offsite might not get the updates and patching they need. Knowing the weaknesses for your organisation can help planning.

Ensure that workers have the right equipment to do their job.

Some employees who use their own devices may not have adequate security software installed for the kind of work your organisation requires. With workforces moving to working from home, an organisation's security posture may be weakened and the devices used by employees may no longer be protected by additional corporate security controls.

Be prepared for security breaches by conducting a gap analysis

Exposure to the risk of data breach incidents increases for organisations whose employees work at home. Conducting a risk assessment will help to identify weaknesses in the security of your system.

Mitigate business interruption

Organisations may also experience interruption to their services if employees' access to the network and critical business systems from home is not effectively managed. Private VPN's or Virtual Private Networks can be set up by organisations to enable employees to access the organisation's systems and network drives from home.  However, if too many employees are logging in to the VPN this can lead to strain on business systems and significantly reduce performance.  In-home router interference and bottlenecks may also cause disruption.

Ways to safeguard your cyber security when employees are working from home: 

  • Supply workers with laptops or equipment with up the latest security patches and software – so you know that protections are in place.

  • Remind employees of the organisation's cyber security policy and the importance of maintaining security of passwords. 

  • Advise employees to ensure that work devices such as laptops and monitors taken from the office are securely stored after use and not accessible to others in the home. It is important to ensure that nobody else can view confidential information. 

  • Warn employees to be watchful for phishing attacks, social engineering schemes or anything that looks suspicious online and to only use reputable sources for information. For all official advice on the pandemic visit government sites directly, such as www.health.gov.au

  • Manage employee access to the use of virtual private networks (VPNs). For example, limit numbers on VPN to minimise interruption issues or limit time per worker or restrict access to only those workers who perform critical services

  • Ensure employees know how to connect with their Service Help Desks.

  • Encourage employees to keep home networking equipment, broadband and modem devices up to date and if they haven't already to change the default username and password.

  • Secure your devices by employing a 2-factor authentication access requirement.

  • Ensure employees are aware of mandatory data breach reporting requirements, and report all data breach incidents to their manager or IT staff.

  • Conduct a gap analysis to determine areas where the security of your organisation is vulnerable.

 

Tony Lawrence is CCI's Manager, Security & Governance. He says that all employees need to contribute to building resilience in an organisation.

"Cyber security is everyone's responsibility," he explains "and we all have a part to play in reducing cyber risks. People should follow their company security protocols at home, and know to contact their manager or Help Desk if they suspect there is anything that needs to be monitored."

Finally, if despite implementing precautions, something does go wrong, CCI's Cyber Insurance policy can provide cover for first and third party losses experienced by your organisation, subject to the terms and conditions of the policy.

Raise cyber security awareness by accessing CCI resources here:

Other resources:

Top

Disclaimer

© Catholic Church Insurance Limited (CCI) ABN 76 000 005 210, AFS Licence No. 235415, GPO Box 180 Melbourne 3001. All rights reserved. The information on this website is intended to provide a summary and general information only to clients of CCI. It does not constitute, and should not be relied on as advice or considered as a comprehensive coverage of the topics discussed. You should seek independent and professional advice that is tailored to your own circumstances. CCI will not take responsibility for any loss, damage or injury to any persons incurred by the use of content contained on this website.