Managing cyber risks while staff work from home

Managing cyber risks while staff work from home

Heightened cyber risks have emerged as a serious issue, given most businesses now have many staff working from home.

So it’s important to put in place policies and procedures to ensure data is secure no matter where staff are located. Helping staff to recognise and avoid risky behaviours is also part of a great cyber safe culture. Here we explore some of the essential steps businesses need to take to reduce the risk of cyber criminals compromising the network.

Make sure staff are updating security alerts

“The challenge is to ensure cyber security is top of mind for employees,” says Fernando Serto, head of security technology and strategy at Akamai Technologies.

“But it can be tricky to enforce behaviour when people work at home, especially when it comes to ensuring employees are uploading security updates,” he adds. One way to combat this is to put controls in place so staff can’t access work applications on their devices until security updates have been installed.

“This will encourage users to keep up with updates and patch cycles,” Serto says. This is also effective no matter if staff are using devices provided by the business or their own tablets, laptops and smart phones.


“It’s essential to teach staff how to recognise a phishing email, which is challenging given

criminals are becoming increasingly sophisticated in their approach”


Educate staff about cyber safe practices

Phishing is a huge challenge for all businesses. These are fake communications sent by criminals that look messages from a real business. The fraudsters attempt to get staff to click on links, which gives offenders access to the business’ IT system.

It’s essential to teach staff how to recognise a phishing email, which is challenging given criminals are becoming increasingly sophisticated in their approach.

“We’ve seen phishing campaigns that use social media and other methods to try to lure individuals to click on a malicious link to compromise a work device,” says Serto. So it’s important to create an open, honest and transparent communication channel between staff and the IT security team.

This enables the business to explain to teams why being phishing-aware is important and to let them know when new scams emerge.

Ensure staff are safe when they use video conferencing

The use of video conferencing tools has skyrocketed this year, greatly assisting firms to communicate when staff are no longer office-based. But hackers can easily compromise these tools and use them to enter a firm’s network.

So it’s important to implement proper protocols to reduce this risk.“There are lots of free versions of these tools. But an enterprise-grade solution will make a significant security difference,” says Mick McCluney, technical director of cyber security firm Trend Micro.

Free services run a heightened risk of malware being installed in users’ systems. Using an enterprise-grade version substantially minimises this risk.“Outsiders guessing meeting IDs and bombing meetings is becoming an issue.

So take care to configure meetings so they are secure. Using passwords where possible also helps ensure only authenticated users are in the meeting,” McCluney adds.

Concerns have been raised by the FBI and others about IT security when using Zoom.

Hamish Blake the comedian has crashed Zoom meetings. Cyber insurance is another line of defence against cyber attacks by external parties. But it should be seen as a last line of defence. It’s also essential for firms to have the right security protocols in place to reduce the risk of compromised systems while so many people are working from home.

If the business does detect a cyber breach, use it as opportunity to educate staff and encourage them to be an active part of the organisation’s cyber security strategy. See a breach as a valuable lesson and a way of generating insights about which other controls should be in place to avoid a similar situation down the track. That’s the best way to ensure the business, its data and systems are properly protected at all times.

Important Note – The information provided here is general advice only and has been prepared without taking in account your objectives, financial situation or needs. Steadfast Group Ltd (ABN 98 073 659 677, AFSL 254928), Watkins Insurance Brokers Pty Ltd (ABN 23 059 370 455, AFSL 244427).


Important disclaimer – Steadfast Group Limited ABN 98 073 659 677, its subsidiaries and its associates.

The views expressed are those of the author only and do not necessarily reflect those of Steadfast.

This magazine provides information rather than financial product or other advice. The content of this magazine, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.

Information is current as at the date articles are written as specified within them but is subject to change. Steadfast, its subsidiaries and its associates make no representation as to the accuracy or completeness of the information. Various third parties, including Know Risk, have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.


Important disclaimer – Watkins Insurance Brokers Pty Ltd ABN 23 059 370 455, AFSL 244427.

The views expressed are those of the author only and do not necessarily reflect those of Watkins Insurance Brokers Pty Ltd.

This magazine provides information rather than financial product or other advice. The content of this magazine, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.

Information is current as at the date articles are written as specified within them but is subject to change. Watkins Insurance Brokers Pty Ltd make no representation as to the accuracy or completeness of the information.

This article has been reproduced with the consent of Steadfast Group Limited.


Source: – https://www.steadfast.com.au/well-covered/insurance-for-growing-business/managing-cyber-risks-while-staff-work-from-home