25 March 2020

Digitally safe while socially distant – the importance of cyber-security awareness in the COVID-19 climate

This article was written by John Swinson and Johnathon Hall.

The rapid progression of COVID-19 has resulted in widespread changes to the working environment for both the public and private sectors worldwide as workplaces encourage employees to work-from-home.

While this shift brings about a number of challenges to the average workday, it is important that both employers and employees maintain awareness of cyber-security risks while adapting to and operating in the home workplace environment.

This awareness is particularly important given the uncertainty surrounding the standard of care the management and private and confidential client information is held to in the collective work-from-home environment.

External threats in the digital space

In recent weeks COVID-19 has begun fostering an environment susceptible to criminal cyber-activity that targets workplaces moving to a working-from-home model.

The ACCC's ScamWatch has recently reported a substantial increase in the number of COVID-19 themed scams. This includes the targeting of personal and client confidential information through phishing e-mails designed to provide warnings or news from reputable organisations, including the World Health Organisation. The risk posed by the legitimate format and style of these emails is heightened by the common unfamiliarity with working outside of the office, which may cause employees to lower their guard to external security threats.

Particularly, the shift towards digital communication to avoid physical proximity between employees will encourage employees to place a higher trust in emails and unexpected callers than previously done in the office environment.

In addition to creating a higher dependence on digital communication, an increase in remote working creates concern of:

  • employees using unsecure internet connections;
  • incompatibility and security flaws in local software on home computers used to access workplace networks;
  • self-help for IT issues, including in the use of new software adopted to facilitate working‑from‑home; and
  • an increase in the number of individual IP addresses accessing company information.

These factors together create a challenging environment for IT teams or service providers to manage due to the number of unknown variables and can be difficult to address if proper policies are not put in place.

Policies for the secure home workplace environment

Businesses can successfully pre-empt and manage cyber-security issues by encouraging cyber-safe practices at both an individual and management level.

At a management level, workplaces should actively reinforce or investigate adoption of a clear working from home policy to guide consistency in the security practices used by employees. Examples of key working from home policies include:

  • strong password construction and refresh policies, including the adoption of multi-factor authentication using separate work devices where appropriate;
  • ensuring that any video conferencing platforms used for workplace discussions are secure and cannot be accessed by external parties without prior permission;
  • awareness of those in the surrounding home environment and the confidential nature of any information being handled or discussed, as many professionals begin to share a common work environment;
  • requirements to use work devices where possible to create more certainty in the software used by employees and to facilitate workplace-wide software updates;
  • use of a virtual private network (or VPN) connection to secure all workplace information on a single network; and
  • encouraging employees to communicate with clients on the phone to confirm instructions if any e‑mail content appears abnormal or is particularly critical (i.e. bank account details and instructions to transfer funds).

At an individual level, workplaces should be encouraging employees to not only exercise an appropriate level of individual caution but to proactively alert IT teams or service providers to any unusual activity. This will facilitate a comprehensive approach to determining any compromising events and for determining the best external response required when communicating any security threats or breaches to clients.

Maintaining duty of care obligations

Businesses should remain aware of their duty of care obligations to customers despite the shift in work environment, and particularly their obligations surrounding customer privacy and maintaining confidentiality.

Given the unprecedented nature of the COVID-19 event, including the mass shift towards a working‑from‑home model, the level of care owed towards the security of customer data may shift toward a lower standard. On the other hand, obligations for maintaining security may be held to a higher standard than normal given the increase in risks to confidentiality arising from working outside the security offered by the office environment. Accordingly, workplaces should take the necessary precautions to ensure the security of customer information at a systems level and encourage employees to remain aware of their surroundings.

Key contacts

Data Central

Have you checked out our new Data Hub? Data Central contains a range of resources to help our clients minimise the legal, regulatory and commercial risks this data-driven environment presents and ensure that its full value is being realised.

COVID-19: Implications for Business

The spread of Coronavirus (COVID-19) has forced us to think and act differently. Beyond the human response, now is the time to think about what the consequences may be on your business, and how best you can prepare for those.

Share on LinkedIn Share on Facebook Share on Twitter
    You might also be interested in

    This article was written by Kaday Conteh, Emily Bell and Carl Black . Western Australia has now given effect to the National Cabinet Mandatory Code of Conduct (National Code) through its release...

    02 June 2020

    This article was written by Amy Munro, Eden Bird, Kyriakos Tsoukalas. Planning Minister signals prohibition on cladding products On 27 May 2020, the LIV reported that the Victorian...

    29 May 2020

    This article was written by Chris Pitson, David Bell, Mark Bayliss, Julian Bolger and Connor Fitzgibbon. Queensland has now joined the remainder of Australia’s Eastern Seaboard by giving...

    29 May 2020

    This article was written by Daisy Mallett, Amber Hu and Benedict Porter. The NSW Supreme Court has just enforced the first Chinese court judgment in New South Wales (Bao v Qu; Tian (No 2) [2020]...

    28 May 2020

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.