Remote Working Guide

Members of Company will spend the majority of their time with the company in a remote working environment. In today’s online environment, there are numerous cyber risks that are associated with working remotely. This guide will detail these risks, as well as some mitigating factors which are vital for creating a cyber-secure remote working environment. As such, this guide will assist Thoth Tech members to become cyber-aware and enforce best cyber security practices in remote environments.

Table of Contents

• Associated risks
  • Reduced cyber security protections
  • Accessing insecure networks
  • Shared computers
  • Reduced cyber security resilience
• Mitigation strategies
• Useful cyber security resources

---

Associated risks

In most remote working scenarios, Company members will be utilising their own personal computers and Internet networks for conducting company activities. As such, there are numerous risks associated with remote working.

Reduced cyber security protections

In office environments, the devices, systems, and networks used have numerous technologies in place to prevent cyber-attacks. This can include installed Antivirus systems, Intrusion Detection/Prevention Systems, file encryption systems, and more. In the remote working environment, there are typically not the same protections offered unless the individual puts them in place. This requires awareness and financial means to do so and, hence, remote working scenarios often have reduced cyber security protections, resulting in increased cyber risk.

Accessing insecure networks

In an office environment, a secure network is provided for employees to utilise to perform their company operations. For remote working environments, however, there is no standard or uniform network for employees to connect to – home or public networks instead being used. Such networks, particularly free public Wi-Fi networks, may have minimal security. As such, the risk of data loss or cyber attacks also increase should such insecure networks be accessed.

Shared computers

Conducting work on a computer which is shared between multiple people is an increased risk in remote working. Forgetting to sign out of your user account before someone else accesses the computer puts your stored data and documents at risk. The risks can range from accidental deletion of files to malicious manipulation or stealing of files and data. These risks are further elevated should there be one user account also shared among multiple people on the same computer.

Reduced cyber security resilience

Working in a remote environment, particularly working from home, can cause a reduction in cyber security resilience. For example, individuals may not be on “high alert” for cyber-attacks as they believe no one will attempt to target their personal accounts or devices. However, cyber-attacks can happen to anyone at any time, so there is a need for resilience in adhering to recommended practices and being on alert. In addition, remote working environments have less guidance on escalation procedures in the case of a cyber-attack. Hence, cyber security resilience is reduced, which again increases the risk of a successful cyber-attack.

Mitigation strategies

For Company members, there are recommended practices that work to mitigate the cyber risks of remote working and strengthen their cyber security posture:

• Perform regular backups of data and information, as this assists in restoring information should a data breach or security event occur.

• Ensure that antivirus is installed on devices and that the licence is active, as this protects against numerous attacks. Some antivirus software also offer file encryption services, which can further reduce risks of cyber-attacks.

• Ensure that all devices and device software are automatically updated when new versions are released, as updates often contain security improvements or patches.

• Follow best password practices for all accounts (including cloud storage and third-party provider accounts).

• Only access secured private Internet connections, as public and unsecured networks can put your devices and information at great risk.

• Always sign out of accounts on shared devices before leaving the device (even temporarily) to prevent accidental or deliberate data manipulation or deletion.

• Engage in activities to raise your own cyber security awareness, such as reading relevant news articles or engaging in research to learn more about cyber-attacks. This will improve cyber security resilience.

These mitigation strategies work to protect not only the data related to company contributions, but also personal and private data of individuals. Hence, it is important to adapt these strategies to reduce the risk of cyber-attack, especially as cyber-threats continue to grow and evolve.

Useful cyber security resources

The Australian Cyber Security Centre (ACSC) is a government-backed organisation which aims to improve the cyber security posture of the nation. The ACSC website contains up-to-date information on the latest cyber-threats and a wealth of relevant information regarding identifying, mitigating, and reporting cyber-attacks. Some of its key resources are:

• The numerous learning resources which assist in improving cyber awareness and provide information on how to best protect against cyber-attacks.

• An educational quiz which tests and strengthens your ability to identify scam (phishing) emails. The quiz provides insightful information on why messages or emails are scams or legitimate, using relevant examples.

• The ACSC Cyber Security Reports, which assist in developing understandings of Australia’s current cyber-threat environment, especially so regarding the annual reports.