Skip to main content Skip to log on Skip to search Accessibility at CommBank

How to keep your business secure in the age of hybrid working

 Make sure the security of your devices, connections, tools and people are up to scratch while working remotely. 

Remote working can be the ultimate test of your cyber and information security culture.

Any habits established in the office will be reinforced at home, so it’s essential to cultivate a positive baseline cyber security culture. Whether remote working arrangements are business continuity or business as usual, dedicated employees will seek to comply and do the right thing. But you need to set them up for success.

Here are some cyber risk management topics you can address through training as you support your workforce in remote working.

Maintaining basic cyber hygiene

Your network and people are vulnerable to malware threats regardless of where they are working, which is why it’s essential to maintain basic cyber hygiene practices such as updating operating systems and applications, enforcing appropriate access controls, and maintaining antivirus programs and network backups.

As operating system and application updates typically happen in the background while people are working in the office, you may require your employees to play a more active role in ensuring they are applied when working remotely. Make sure you communicate your expectations around this clearly and often, and automate these updates where possible to promote compliance.

Securing devices, connections & business tools

Most organisations generally prefer to provide staff with company-owned devices because it’s easier to manage their security policy compliance. However, if your staff are using their personal devices, you may need to provide guidance about how these devices are configured and updated before they can connect to your corporate network.

Once you’ve determined which devices can access your network, it’s important to train staff how to do this securely. It’s a great opportunity to educate your employees on the dangers of public Wi-Fi networks and teach them how to secure their Wi-Fi networks at home, and how VPNs work if they'll be using one.

Once you’ve nominated your preferred collaboration tools, explain their security features to your people. For example, if your organisation is using web conferencing platforms for online meetings, show your employees how to use the security settings for their meetings, instead of relying on default settings. This might be by using features such as password protection, waiting rooms/lobbies, meeting locks and controlled screen sharing by hosts.

Social engineering & scams

Social engineering is an act of manipulation designed to take advantage of human vulnerability,  tricking us into doing something we wouldn’t normally do. Scammers might use social engineering to get employees to click on links, provide sensitive information or process a payment. Your employees could be more susceptible to social engineering away from the office, without someone in earshot to give a second opinion on whether a message is legitimate. 

Cyber criminals can target your employees through emails, SMS or even over the phone by, for example, impersonating IT support. Encouraging your staff to stay on top of the latest scams and security alerts can help your business stay protected.

As scammers seek to capitalise on our emotional response, prioritise the human layer of your defences in your training activities. This includes reviewing and reinforcing processes around separation of duties, particularly for payments, to manage collusion and fraud risks and susceptibility to email payment fraud through business email compromise scams.

Locking down logins

It’s essential to promote secure password behaviours among remote workers, with an emphasis on longer passphrases that are unique for each service. You should also consider implementing multi-factor authentication, where available, as an additional layer of security. It’s a little extra effort for a significant security benefit.

If you’re not ready for broad implementation, consider making it compulsory for accounts and applications with a higher risk profile which would be of more value to attackers should they be compromised.

Data handling responsibilities

Remote working arrangements shouldn’t mean neglecting normal data handling processes and responsibilities. Your corporate IT is more vulnerable to loss and theft when removed from the office. It’s worth providing your staff with some tips on how to minimise these risks, including processes to follow if a device goes missing. You may want to consider installing mobile device management software on corporate devices – these tools will allow you to track the location of a device, remotely block access and erase the data stored on the device, and even retrieve a backup of data stored.

Reiterate the importance of locking screens while stepping away from desks, disposing of printed documents securely, considering who is in earshot during sensitive conversations and generally treating your company and customer data with care.

Keeping your business safe is our priority

That’s why we have a range of products, services and security features to help keep you secure 24/7.

Business security hub

Things you should know

  • This article is intended to provide general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as financial product advice. As this information has been prepared without considering your objectives, financial situation or needs. You should, before acting on this, consider the appropriateness to your circumstances.