skip to main content
Workplace Health & Safety

How to protect your business from cyber threats when employees work from home

woman working in home office

Many businesses today operate with a dispersed workforce and little or no office space. And with the COVID-19 pandemic forcing even more businesses, if only temporarily, to operate largely online, it’s more important than ever to implement cyber security measures for employees working remotely from home offices.

Cloud computing, broadband connectivity, and increasingly powerful collaboration tools can enable dispersed businesses to succeed. But this model can also create special cyber risks. Employees may be working in new ways, using unfamiliar software, and accessing services with less secure hardware. Cyber criminals know that, with more people online, there are more ways to take advantage of vulnerabilities and mistakes to gain access to protected and personal information.

Business leaders and risk managers can help limit cyber risks when operating with a remote workforce by implementing strong cyber security practices and clear work-from-home policies. Follow these tips for operating your business securely online.

You can lay the groundwork for strong cyber security through the following practices:

  • Update your software and network regularly. Remote access technologies are especially vulnerable to hacking. You must consistently update device firmware and software with the most recent security configurations and patches. Outdated hardware should also be replaced as needed.
  • Use company-issued devices. Depending on your resources and the nature of your business, you may want to require employees to use only computers and mobile phones provided by your business and set up by your IT department.
  • Allocate enough IT resources to support your remote workforce. When your employees are working from home, you’ll need to ensure that sufficient IT resources are available to enable secure access to the company networks and online tools. You may also need to take steps to increase network bandwidth, data storage capabilities, computing power, and IT support.
  • Plan for cyber security exceptions. If your workforce is forced to shift abruptly to remote work, IT resources can be stretched thin. You may need to make exceptions to cyber security policies to keep your business operating. To address this issue, establish a policy for granting and monitoring IT security exceptions.
  • Prepare for worst case scenarios. Along with implementing strong cyber security practices it’s important to be ready to respond to and recover from a potentially debilitating attack. Be sure to align your cyber incident response planning with your company’s overall business continuity strategy.


Unfortunately, employees can be the weakest link when it comes to cyber security. A single weak password or click on a malicious link can undermine your cyber protections and lead to a costly hacking incident.

With a dispersed workforce, you’ll need your employees to step up their vigilance and be fully engaged team players in preventing cyber attacks. Underline the need to:

  • Connect securely. Employees should only connect to your organisation’s network and online resources through a Virtual Private Network (VPN) service that you provide.
  • Use strong passwords. Require employees to use unique, complex passwords to access your network, data, and services. Password management software can help employees create, use, and frequently change their passwords.
  • Employ multi-factor authentication. Whenever possible, require multi-factor authentication log-ins—such as a code texted to a phone in addition to a password—which are more secure than user ID and password log-ins.
  • Reject requests for information from unknown sources. Caution employees against providing sensitive information requested from uncertain sources. They should also be made aware that hackers will try to spoof trusted sources to collect confidential information and security credentials.
  • Take care when clicking on links, opening attachments, and downloading software. Hackers will attempt to gain access to networks and data by sending deceptive emails with malicious links or attachments. Make sure your employees are instructed to verify sources when in doubt, and type in URLs rather than following links.


In addition, consider establishing an IT security training program that educates your employees about cyber risk and security practices during onboarding, with refreshers on an annual basis. You may even want to include cyber security compliance in employee reviews and evaluations

This content is brought to you by Chubb Insurance Australia Limited (“Chubb”) as a convenience to readers and is not intended to constitute advice (professional or otherwise) or recommendations upon which a reader may rely. Any references to insurance cover are general in nature only and may not suit your particular circumstances. Chubb does not take into account your personal objectives, financial situation or needs and any insurance cover referred to is subject to the terms, conditions and exclusions set out in the relevant policy wording. Please obtain and read carefully the relevant insurance policy before deciding to acquire any insurance product. A policy wording can be obtained at, through your broker or by contacting any of the Chubb offices. Chubb makes no warranty or guarantee about the accuracy, completeness, or adequacy of the content. Readers relying on any content do so at their own risk. It is the responsibility of the reader to evaluate the quality and accuracy of the content. Reference in this content (if any) to any specific commercial product, process, or service, and links from this content to other third party websites, do not constitute or imply an endorsement or recommendation by Chubb and shall not be used for advertising or service/product endorsement purposes. ©2020 Chubb Insurance Australia Limited ABN: 23 001 642 020 AFSL: 239687. Chubb®, its logos, and Chubb.Insured.SM are protected trademarks of Chubb.

Contact us
Contact us

Have questions?

Contact a broker today.