Working from Home Safely

Why you need a VPN:

• Encrypts data traveling between home and office
• Hides your business activity from home internet providers
• Allows secure access to office systems and files
• Protects against public WiFi attacks

Setting up business VPN:

1. Choose a business VPN service: NordLayer, ExpressVPN Business, or Cisco AnyConnect
2. Configure user accounts: Create separate VPN accounts for each employee
3. Install VPN software: Put the VPN app on all devices employees use for work
4. Test the connection: Verify employees can access office systems through the VPN
5. Train your team: Show employees how to connect and when to use the VPN
6. Monitor usage: Check VPN logs to ensure it's being used properly

VPN usage rules:

• Always connect to VPN before accessing business systems
• Use VPN for all work-related internet activity
• Don't share VPN credentials with family members
• Report VPN connection problems immediately

Physical security at home:

1. Secure workspace: Set up a dedicated work area away from family activity
2. Lock screens: Always lock your computer when stepping away
3. Secure documents: Keep printed business documents in a locked drawer
4. Position screens carefully: Ensure neighbors or visitors can't see your work
5. Control access: Don't let family members use work devices
6. Secure storage: Use a dedicated work device that stays in your home office

Home network security:

1. Change router passwords: Replace default passwords with strong, unique ones
2. Update router firmware: Check for and install router updates monthly
3. Use WPA3 encryption: Enable the strongest WiFi security available
4. Create separate networks: Use guest WiFi for visitors and smart home devices
5. Disable unnecessary features: Turn off WPS, remote management, and unused ports
6. Monitor connected devices: Check what devices are on your network regularly

Device security:

1. Use company devices: Don't mix personal and work devices
2. Keep software updated: Install all security updates immediately
3. Enable device encryption: Use BitLocker (Windows) or FileVault (Mac)
4. Set up remote wipe: Enable ability to erase device if lost or stolen
5. Use antivirus software: Install business-grade security software
6. Backup regularly: We'll show you how to set up automated backups - read more here

Secure remote access:

1. Use multi-factor authentication: Add extra security to all remote access - read more here
2. Limit access hours: Restrict remote access to normal business hours when possible
3. Monitor access logs: Check who's accessing what and when
4. Use secure remote desktop: Avoid basic remote desktop protocols
5. Require VPN for all access: No exceptions for accessing business systems
6. Implement session timeouts: Automatically log out inactive users

Cloud service security:

1. Use business accounts only: Don't use personal Google Drive, Dropbox, etc. for work
2. Enable advanced security features: Turn on threat detection and data loss prevention
3. Control sharing permissions: Limit who can share files outside your organisation
4. Monitor file access: Track who downloads or shares sensitive documents
5. Use approved applications: Only use business-approved cloud services
6. Regular access reviews: Check and remove unnecessary permissions quarterly

Secure communication tools:

1. Use business communication platforms: Microsoft Teams, Slack, or Zoom for Business
2. Enable encryption: Turn on end-to-end encryption for sensitive conversations
3. Control meeting access: Use passwords and waiting rooms for video calls
4. Avoid personal messaging: Don't use WhatsApp, personal email, or SMS for business
5. Train on phishing: Remote workers are targeted more frequently - read more here
6. Document communication policies: Create clear rules about acceptable communication methods

What happened: A Sydney consulting firm had client data stolen when an employee working from home used their personal laptop and home WiFi to access the company's customer database.

The problem: The employee's home WiFi was unsecured, their personal laptop had malware, and they weren't using a VPN to encrypt their connection.

How criminals got in: Malware on the personal laptop captured the employee's login credentials and used them to access the company's systems over the unsecured home network.

What they fixed: The company now provides work laptops, requires VPN use for all remote access, and mandates that employees secure their home networks.

Source: ACSC Small Business Cyber Security Guide

For employers:

• Provide company devices for remote work
• Set up business VPN for secure access
• Implement strong password policies - read more here
• Enable multi-factor authentication on all systems
• Create remote work security policies
• Monitor remote access and device usage
• Provide regular security training
• Test incident response procedures for remote scenarios

For employees:

• Use only company-provided devices for work
• Connect to VPN before accessing any business systems
• Secure your home WiFi network
• Lock your screen when away from your desk
• Keep work documents private from family members
• Report security concerns immediately
• Don't mix personal and business activities on work devices
• Follow company communication and file sharing policies