Home Resources Latest News & Insights Remote Access

Remote Access

Cybercriminals are targeting hybrid and remote workers. How can businesses protect themselves when hackers go after what is often a security ‘weak link’?
Published: 12/12/2025
Cyber Insurance
Warning icon on a digital LCD display with reflection. Concept of cyber attack while an employee is working from home or working remotely, malware, ransomware, data breach, system hacking, virus, spyware, compromised information and urgent attentionloading...

Cyberattack: How to protect remote and hybrid workers 

Prior to COVID-19, around 11% of working age Australian adults reported working from home (WFH) at least once a week, and 12% worked from home on all or most days a week, according to a Productivity Commission report. At the height of the pandemic, around 31% were WFH all or most days. By April 2022, when lockdowns and restrictions had eased, rates of WFH at least once a week dropped to 18% and 27% for all or most days.  

Since the pandemic, more businesses and workers have embraced remote (WFH, cars and cafes) and hybrid (a mix of working at the office/onsite and WFH/offsite) working. According to an August 2024 survey by the Australian Bureau of Statistics, more than 36% of people reported that they usually WFH. Data from the Australian Institute of Health and Welfare found similar proportions of males (35%) and females (36%) worked some hours from home. Middle aged and older people were more likely to WFH, including people aged 35 to 49 (46%), aged 50 to 64 (38%), and aged 65 and over (40%), with those employed as managers (60%), professionals (55%), and clerical and administrative workers (43%), the most likely to be working at least some hours from home.  

WFH has become so popular that one jurisdiction is looking at amending legislation to ensure flexible working arrangements are entrenched. Next year, the Victorian Government proposes to legislate the right to WFH two days a week after a survey found 74% of employees value the right to WFH, with many feeling it is essential for their well-being and productivity. The legislation would be underpinned by a Flexible Work Policy, which would aim to embed hybrid and flexible ways of working into business arrangements. However, legal experts have warned that the proposal, which has been welcomed by some unions and slammed by some businesses, is unlikely to be enforceable if enacted. 

Advantages and risks 

There are numerous advantages for both employees and employers in offering flexible working arrangements. According to a 2025 report from the Australian HR Institute (AHRI), the top four advantages of hybrid working are perceived to be:  

  1. Better work-life balance (65%).  
  2. Higher employee retention rates (44%).  
  3. A greater ability to attract candidates (41%).  
  4. Enhanced health and wellbeing for employees (41%). 

The report also noted there is a perception among employers that employees who work in a hybrid way are more productive on average – 45% said it has had a positive effect on productivity levels, compared with 11% who thought it had had a negative effect.

WFH saves the average Australian more than $5,000 per year, and boosts productivity and workforce participation, according to a report by the Committee for Economic Development of Australia (CEDA). 

There are also disadvantages and risks associated with remote and hybrid working. While the AHRI report notes the top three disadvantages of hybrid working were perceived to be: a feeling of disconnection between colleagues (57%); reduced opportunity for staff collaboration (38%); and difficulty in monitoring performance (35%), a key risk facing businesses with remote and hybrid workers is that of cyberattacks. 

Cybercriminals targeting remote and hybrid workers 

According to the Australian Signals Directorate’s (ASD) Australian Cyber Security Centre sixth Annual Cyber Threat Report, state-sponsored cyber actors were a “serious and growing threat”, targeting networks operated by Australian governments, critical infrastructure and businesses for state goals.  

The report noted, “many Australian businesses and other organisations hold large amounts of sensitive and valuable data, such as proprietary information, research and personal data. State-sponsored cyber actors may use this data to support further targeting against government and critical infrastructure organisations, as well as their supply chains. State-sponsored cyber actors have also compromised home devices connected to the internet, such as home routers, to create botnets that support further targeting around the globe”. 

It further detailed that malicious cyber actors use vulnerabilities in ‘edge devices’ (critical network components positioned at the network’s periphery) that connect a private network, such as someone’s home or work, with a public, untrusted network like the internet. “The most common edge devices used include home and enterprise routers, firewalls and virtual private network (VPN) products.” 

According to national law firm Mills Oakley, this year’s threat report emphasises the risk to remote working arrangements “more so than previous publications”, reported Cyber Daily. 

“Specifically, it calls out that state-sponsored actors are adapting their techniques to exploit vulnerabilities in remote work environments, including targeting home networks, personal devices, and cloud-based collaboration tools used by WFH employees.” The law firm notes that threat actors are increasingly seeing opportunity to successfully exploit this vulnerability, particularly amongst SMEs. 

BigLaw’s employment law partner Christa Lenard told HR Leader, that the ASD’s report highlighted that state-sponsored actors are “targeting the weakest link in hybrid work” – that is, home networks, personal devices, and identity access.  

Lenard said: “For employers, the risk is not just technical, it is both legal and reputational, with data protection and confidentiality breaches, regulatory notification failures, and downstream liability via third-party and BYOD (bring your own device) exposure, front and centre.” 

Of course, it isn’t only state-backed threat actors that pose a risk. Any intrusion into an organisation’s systems via hackers exploiting remote and hybrid workers can seriously compromise the business. 

Risk factors in remote work environments 

“Working remotely, or mixing that and in-office work, can raise the risk of data breaches and different types of cyberattacks for various reasons”, reported TechTarget. According to the article, the 10 most prominent cybersecurity risks associated with remote work and the work-from-anywhere movement are: 

  1. Expanded attack surfaces. 
  2. Limited or no oversight of how remote workers handle data. 
  3. Increased vulnerability to AI-driven attacks. 
  4. Webcam hacking and Zoombombing. 
  5. Networks shared with other vulnerable devices. 
  6. Vulnerabilities in chat platforms. 
  7. Unsecured and vulnerable networks. 
  8. Challenges in complying with data regulations. 
  9. Increased susceptibility to phishing and other social engineering attacks. 
  10. Unsecured and vulnerable hardware.  
‘Weakest link’ – employee behaviours compromising cybersecurity 

The CyberArk 2024 Employee Risk Survey revealed that 60% of Australian workers admitted to bypassing cybersecurity policies for convenience and engaging in behaviours that could compromise security. 

Risky behaviours included: 

  • Using personal devices to access workplace systems (80%). 
  • Using the same log-in credentials to access multiple work-related applications (49%). 
  • Using the same credentials for both personal and workplace accounts (33%). 
  • Using one password across multiple accounts (27%). 
  • Finding ways to get around cybersecurity policies (65%). 
  • Not promptly installing security updates on personal or BYOD systems (36%). 
  • Avoiding installing updates (18%). 
  • Using personal devices instead of corporate issued ones (18%). 
  • Not using a VPN when they access work resources (26%). 
  • Using personal devices as wi-fi hotspots (20%). 
  • Performing one or more highly valuable (for an attacker) actions with the tools or systems they access and use at work (66%). 
  • Downloading sensitive customer data (40%). 
  • Altering critical or sensitive data (33%). 
  • Approving large financial transactions (30%). 
  • Sharing workplace-confidential data externally (41%). 
  • Using external personal storage services to store and share workplace-related information with external parties (35%). 
  • Sharing workplace-related passwords and credential log-ins with co-workers (30%). 
  • Forwarding corporate emails to their personal account (17%). 
  • Using AI tools for work-related tasks (66%) – with some inputting sensitive data into systems not approved by their employers. 
  • Using AI tools that their organisations neither monitor nor manage (24%). 

The survey found, in the preceding 12 months: 

  • 60% used a personal device to access work-related apps, emails, or systems. 
  • 45% had to share a work password with a colleague for legitimate reasons. 
  • 43% logged into a public wi-fi on a work device. 
  • 42% had been bombarded with so many authentication requests in a short space of time that they just clicked ‘accept’. 
  • 40% used a colleague’s work device for own work. 
  • 35% received and clicked on links in a phishing email. 
  • 34% lost a personal device. 
  • 25% lost a work device. 

The findings emphasise the need for businesses to shore up cybersecurity as they adapt to hybrid working. 

How to protect the business from hybrid and remote working cyber risks 

Some actions businesses and those WFH may like to consider include: 

Governance and management 

  • Having an inventory of assets. 
  • Understanding where the digital information is, what information is being collected, where it is stored, and how that data is being protected. 
  • Ensuring all employees know the business’ statutory obligations in relation to data protection. 
  • Immediately removing ex-employee access to systems. 
  • Ensuring cloud services are secure. 
  • Adopting policies around BYOD and use of public wi-fi. 
  • Setting strong password/passphrase policies. 
  • Requiring employees to only use computers, mobile phones and other devices provided by the business and set up by IT. 
  • Implementing a zero-trust security framework. 
  • Limiting access to data and systems – securing access points and making the process for exceptions straightforward. 
  • Conducting dark web credential monitoring to ensure employee log-in credentials haven’t been compromised. 
  • Training staff on cybersecurity including social engineering, MFA bypass scams, and QR/voice/SMS lures. 
  • Regularly reviewing the business’ WFH/BYOD policies. 
  • Updating policies and procedures to address the heightened security risks associated with remote work. 
  • Having incident response systems. 
  • Ensuring employees working remotely know what is required of them. 
  • Talking to your EBM Account Manager about risk mitigation and the role of cyber insurance and other policies in protecting the business. 

Software and hardware 

  • Using a VPN and mandating secure wi-fi settings. 
  • Securing home networking – setting a unique password, enabling wi-fi encryption, limiting access to specific MAC addresses, and running the latest firmware version. 
  • Installing antivirus software on devices that access the enterprise network. 
  • Securing home and enterprise routers. 
  • Using secure, password-protected wi-fi networks and avoiding public internet connections. 
  • Employing firewalls. 
  • Using encryption to protect sensitive data. 
  • Using cloud-based file sharing to keep data off worker devices. 
  • Ensuring proper cloud configurations and access. 
  • Implementing strong authentication protocols such as multi-factor authentication (MFA) for all core applications. 
  • Avoiding ‘shadow IT’ environments developing (shadow IT is where employees acquire, change or build technology with zero visibility from IT). 
  • Requiring security patches to be immediately applied to all company-owned and BYO devices and systems. 
  • Turning on automatic software updates on all work devices. 
  • Regularly updating software and patching network security holes. 
  • Replacing outdated hardware as needed. 
  • Ensuring any SaaS service signed up for, or tools downloaded, are approved. 
  • Encrypting and backing up all important business data to a secure, off-site location.  
  • Using allowlisting, web filtering and endpoint firewalls to control traffic and block untrusted connections. 
  • Deploying user behaviour analytics tools (UBA) or user and entity behaviour analytics (UEBA). 
  • Employing centralised monitoring to catch issues like mass data exfiltration.  
Key takeaway 

Flexible working such as WFH and hybrid arrangements have become commonplace since the pandemic. With more employees working remotely, more opportunities for cybercriminals to exploit vulnerabilities in security have emerged.  

To reduce the risk of the business falling victim to a cyber incident, attack surfaces need to be minimised, and remote working arrangements appropriately managed.  

Need expert guidance? 

Your EBM Account Manager can provide you with information on cyber insurance options to help protect your business.  

Further reading/resources 
Published: 12/12/2025
Cyber Insurance