Call 1300 565 846 or +61 2 9458 7005
Close

Subscribe

Join our mailing list to receive breaking news and webinar invites.

Please tick if you'd like to receive alerts and webinar invites on the following topics:




Agree to the terms of our Privacy Policy.: By submitting this form you agree to the terms of our Privacy Policy.

Cyber Security while Working from Home

Cyber Security while Working from Home

Cyber Security while Working from Home
WRITTEN BY
Suzie Leask
Suzie Leask
Director

Cyber Security while Working from Home


With the Delta variant renewing threats on our public health system and economy, it is a stark reminder to businesses that they need to revisit their cyber security, data protection and privacy policies and practices.  Assessing the associated risks of employees working from home and setting new cyber security standards and best practices is critical to protect your customers’ interests and for business continuity.

The Office of the Australian Infomration Commissioner (OAIC) has issued some guidance to help entities regulated by the Privacy Act 1988 (Act) address their privacy obligations during the coronavirus pandemic.

OAIC recommendations

Australian Government agencies and private sector employers that are regulated entities under the Act (Australian Privacy Principles (APP) entities) need to:

  • take reasonable steps to keep personal information secure;
  • consider whether any changes to working arrangements will have an impact on the handling of personal information;
  • consider taking steps to notify employees of how their personal information will be handled in responding to any potential or confirmed case of COVID-19;
  • assess any potential privacy risks where employees are working remotely; and
  • ensure reasonable protocols are followed to keep personal information secure where employees are working remotely.
APP entities need to consider implementing similar privacy and data security protocols for employees working from home to those that apply in an office environment.

Steps to protect personal information WHEN employees work remotely 


The OAIC outlines steps to protect personal information when working from home (or anywhere other than the office), including:
  • understanding the latest advice from the Australian Cyber Security Centre;
  • ensuring continued compliance with the Protective Security Policy Framework requirements;
  • securing mobile phones, laptops, data storage devices and remote desktop clients;
  • increasing cyber security measures in anticipation of the higher numbers of employees working on remote access technologies, and testing them in advance;
  • ensuring all devices, Virtual Private Networks and firewalls have necessary updates and the most recent security patches (including to operating systems and anti-virus software) and have strong passwords;
  • ensuring employees only use work email accounts for work related emails that contain personal information;
  • implementing multi-factor authentication for remote access systems and resources (including cloud services); and
  • only accessing trusted networks or cloud services.

What else does your business need to consider?

If your business has a turnover of more than $3 million per annum, you will need to have a privacy policy and collection statement to comply with the Privacy Act, whether you are a proprietary limited company, trust, incorporated association or sole trader.

Understand your employee’s home network security and how well it would weather a cyber attack. This will indicate whether your business needs to provide anti-virus software and information technology support. Businesses that provide clear guidance and support to employees as well as employee training on how to deal with suspicious emails can mitigate any potential losses associated with cyber attacks.

Check whether your business has an up-to-date cyber security policy and whether the risks associated with employees working remotely are included.

Ensure that your business has a data breach response plan, a privacy officer or person appointed to deal with privacy matters and that your employees know what they need to do and who to contact in the event a data breach occurs.  

Finally, ensure your business’s expectations have been communicated to employees around secure storage and how to dispose of confidential documents they have taken home for work.
 

Further support 

For specific legal advice about data protection and privacy related matters, and to minimise the risks associated with working remotely, contact Australian Business Lawyers & Advisors Corporate and Commercial Team on 1300 565 846 or at: dataprotection@ablawyers.com.au.  

Related Resources

Join our mailing list to receive breaking news and webinar invites.

Please tick if you'd like to receive alerts and webinar invites on the following topics:




By submitting this form you agree to the terms of our Privacy Policy.
Please tick if you'd like to receive alerts and webinar invites on the following topics:




By submitting this form you agree to the terms of our Privacy Policy.

Join our mailing list to receive breaking news and webinar invites.

Please tick if you'd like to receive alerts and webinar invites on the following topics:




By submitting this form you agree to the terms of our Privacy Policy.

Australian Business Lawyers & Advisors (ABLA) (ACN 146 318 783) is the Trustee of Australian Business Lawyers & Advisors Trust (ABN 76 008 556 595). Liability limited by a scheme approved under Professional Standards Legislation.  Legal practitioners employed by or directors of Australian Business Lawyers & Advisors Pty Limited are members of the scheme.

To understand how we protect your privacy, please refer to our Privacy Policy.