We're a Baker Tilly network member
Learn more
Back to top
Securing your remote workforce from cyber threat

Securing your remote workforce from cyber threat

The decentralisation of workforces has been a growing trend over recent years, driven by advances in technological connectivity, local industry decline in retail and manufacturing amid increases in service-based offerings, and due to shifts in social dynamics and values in favour of greater work-life balance.

While there are many benefits to a decentralised, or remote workforce, it is not without risks and challenges.

This is particularly relevant as Australian businesses adapt their operations and workforce in response to COVID-19.

The sudden and significant impact of the global pandemic has required rapid implementation of new technologies, and changes to processes to accommodate an operating model that supports remote working. While many businesses have successfully adapted to the new environment, many are unaware and unprepared for the elevated and associated cybersecurity threats that endanger privacy, security and the protection of an organisation’s data.

When your staff are working remotely your cybersecurity risk changes. Cyber criminals prey on weakness and vulnerability, exposing businesses that don’t have the systems and processes in place to protect their data while its people operate remotely. In recent weeks and due to the current uncertain environment, there has been a rise in activity with cyber criminals actively using COVID-19 as an angle in their attacks.

Below are considerations to assist you and your organisation in addressing the increased security risk of remote working.

Increase your security awareness

Security awareness has always been important, but with the dramatic rise in internet and mobile communication technologies among businesses and individuals, there has also been an increase in phishing emails, fraudulent text messages and other scams.

To combat exposure, regularly communicate with staff regarding the implications of the increased risk, what to be watchful of, and how to report a cyber incident. In addition, a staff training program that is easily accessible, for example through video tutorials, will provide the necessary learnings to empower staff to avoid falling victim to cyber-criminal activity.

Phishing and scam messages often contain a sense of urgency, low or inconsistent or “off-brand” designs and grammar mistakes. These messages may also come from email addresses that look legitimate at first glance but are upon closer inspection fraudulent.

Implement multi-factor authentication

With staff connecting to business systems remotely secure authentication is vital to protecting your data. Cyber criminals will try to log into these same systems, often by using credentials they have stolen or guessed. To ensure only authorised staff have access to your systems and data it is important to implement multi-factor authentication.

The most common example of multi-factor authentication is text messages providing a unique numeric code that are sent when someone logs into a system. The numeric code must be entered as part of the login process. Multi-factor authentication is offered by a variety of vendors and often included in cloud subscriptions such as Office 365 or Google Cloud. In many cases implementation can be as simple as configuring phone numbers for all users and enabling multi-factor authentication.

Secure remote working environments

To access the tools of the trade such as email applications and cloud document storage, staff require an internet connection. While staff on physical office premises have access to a secure digital connection, remote workforces may not; using home or public WI-FI networks to get online. If a local Wi-Fi network is not secured correctly cyber criminals can access and download insights and data sent over the network. Staff should consider changing the default admin password of their home Wi-Fi router, disabling remote management from the internet and ensure they update to the latest firmware on their connected devices.

Additionally, staff may also need to print organisational information, some of which may be sensitive. Organisations should communicate to staff the importance of disposing of any printed material in a secure manner, for example through shredding. Depending on the content, privacy legislation and regulations may apply to these printed documents, only further increasing the need to dispose of these documents in a secure manner.

These simple steps can assist organisations to minimise risk of exposure to cyberthreats as they mobile their workforce and business operations in response to COVID-19.

For questions or more information about managing your security as your organisation and environment changes, contact your Pitcher Partners specialist.

This content is general commentary only and does not constitute advice. Before making any decision or taking any action in relation to the content, you should consult your professional advisor. To the maximum extent permitted by law, neither Pitcher Partners or its affiliated entities, nor any of our employees will be liable for any loss, damage, liability or claim whatsoever suffered or incurred arising directly or indirectly out of the use or reliance on the material contained in this content. Pitcher Partners is an association of independent firms. Pitcher Partners is a member of the global network of Baker Tilly International Limited, the members of which are separate and independent legal entities. Liability limited by a scheme approved under professional standards legislation.

Pitcher Partners insights

Get the latest Pitcher Partners updates direct to your inbox

Thank you for you interest

How can we help you?

Business or personal advice
General information
Career information
Media enquiries
Contact expert
Become a member
Specialist query
Please provide as much detail to ensure appropriate allocation of your query
Please highlight a realistic time frame that will enable us to provide advice within a suitable and timely manner. Please note given conflicting demands with our senior personnel, we will endeavour to respond to you within the nominated time frame. If you require an urgent response, please contact us on 03 8610 5477.
CPN Enquiry
Business Radar 2024
Federal Budget 2024-25
Student careers 2024-25
Search by industry