Hand icon on a computer pointing to a word: Security

Cybersecurity in the ‘Next Normal’: Minimum Standards When Working From Home

The white-collar workforce is likely to look very different long into the future. While some workers are already heading back into the office, the reality is that most of your staff likely want to stay home at least three days each week. We’re expecting to see more businesses offering remote workdays as a perk even after restrictions ease and ultimately come to a close. This means more businesses need to be implementing robust permanent measures and policies that address cybersecurity when working from home.  

Increased cybersecurity risk when working from home.  

Ransomware attacks have increased dramatically over the past 12 months as malicious actors take advantage of increased vulnerabilities resulting from work-from-home arrangements. In fact, attacks have increased in frequency so much that The Conversation referred to them as a “digital pandemic”. But the reality is that your organisation faces significant cybersecurity risks that don’t involve malicious actors.  

When your team works from home, you have less control over the equipment being used to access your server and network security. You also face significantly higher risk of privacy breaches, especially where team members access personal data stored by your company from their homes. You need to take steps to protect your IT infrastructure from both internal and external threats.  

WFH Cybersecurity Best Practices

It is a mistake to assume that your cybersecurity risk can be managed by your IT team. Cybersecurity risk management involves careful preparation and planning that reflects the risks posed by:  

  • technical weaknesses and vulnerabilities,  
  • operational process flaws, and  
  • your biggest cybersecurity threat, your staff.  

Cybersecurity When Working from Home: Best Practices for Your IT Team 

Current technical cybersecurity best practices include (but aren’t limited to) reliance on: 

  • Secure access mechanisms (including multi-factor authentication and enforced strong password requirements).  
  • High-quality security software.  
  • Virtual desktops or Desktops-as-a-Service (DaaS). 
  • Robust corporate firewalls. 
  • File integrity measures.  
  • Incident detection protocols, including DNS, operating system event, and email server logs, as well as web proxy logs.  
  • Activity detection mechanisms that look for rapid file copying or changes, usage outside of business hours, excessive printing, data transfers to unauthorised or irregular third-parties or removeable data storage devices, and unauthorised or irregular data access.  

These technical measures should be supported by the appropriate policies and training. 


Photograph of staff member wearing a yellow sweater working on an Apple Mac laptop at a wooden table while engaging in cybersecurity when working from home.


Operational Cybersecurity Measures for Work-From-Home Employees 

Your IT team should work with legal counsel to develop robust guidelines and implement a Bring Your Own Device (BYOD) Policy or similar guidelines on the use of employee-owned devices (laptops, phones etc) to access organisational systems and process corporate data. These policies address employee and employer obligations u which should include, at a minimum: 

  • Mandatory security software for any device used to access company networks.   
  • Network requirements, include use of a VPN.  
  • An outline of the extent of the surveillance of the employee’s personal device.  
  • Password and 2-factor authentication requirements.  

Reducing the Cybersecurity Risk Posed by Your Team 

As work-from-home arrangements become a privilege or perk, not an obligation, organisations are in a better position to demand that certain standards and requirements are met. You should implement mandatory staff training for workers who will continue to work from home. This training should address:  

  • Why cybersecurity matters.  
  • The types of errors that often result in cybersecurity and privacy breaches, and how to prevent them.  
  • An overview of common cybersecurity risks, including phishing, spear phishing, and an overview of social engineering. 
  • How to ensure your devices are secure. 
  • First line of response if you think something might be wrong. 

Further Resources with Guidance on Cybersecurity When Working From Home

The Australian Cyber Security Centre Resources for Small to Medium Businesses.

The Australian Cyber Security Centre Resources for Large Organisations & Infrastructure.

Develop Stronger Cybersecurity when Working from Home with Privacy108.

Privacy108’s lawyers work with organisations to improve your cybersecurity protections.  

We develop cybersecurity programs that address technical, operational, and personnel-related risks, and provide guidance and oversight while you implement the changes.  

We also develop and deliver tailored privacy and security awareness training targeted at your organisation’s requirements. You’ll receive high-quality training from a leading privacy and cybersecurity lawyer, as well as supplementary resources to help upskill your team. 

To start building a better cybersecurity framework, get in touch

Want to receive updates like this in your inbox? Subscribe

  • We collect and handle all personal information in accordance with our Privacy Policy.

  • This field is for validation purposes and should be left unchanged.


At Privacy 108, we are passionate about privacy and data protection. We work with organisations to ensure they collect, use and secure all information in a way that is both compliant and meets community expectations. Privacy 108 is a law firm. Our team of lawyers can provide specialist legal advice on privacy and security issues.