Working From Home Security Guide for Australians — The Complete Checklist

Working from home has become permanent for millions of Australians, but home networks and personal devices create cybersecurity risks that a corporate office environment was specifically designed to manage. Without the right protections, remote workers can expose their employers and their own personal data to significant risk.

Secure Your Home Network

Change the default admin password on your home router — most home routers come with a default password (often "admin" or printed on the router) that is publicly documented and easily found online. Access your router's admin panel at 192.168.0.1 or 192.168.1.1 in your browser, find the admin password settings, and change it to something strong and unique. Update the router firmware — manufacturers regularly release security updates. Enable WPA3 or at minimum WPA2 encryption on your WiFi, and create a separate guest network for visitors and smart home devices.

Secure Your Work Devices

Enable full-disk encryption on your work laptop — BitLocker on Windows (search "BitLocker" in Settings), FileVault on Mac (System Preferences — Security and Privacy). This protects your data if the device is lost or stolen. Ensure operating system and application updates are applied promptly — many critical security patches are delivered through these updates. Install endpoint security software if your employer has not already done so. Use a VPN when connecting to work systems if your employer provides one.

Secure Your Accounts

Enable MFA on all work accounts, your personal email, and any accounts that hold sensitive information. Use a password manager so that your work accounts have unique, strong passwords that are not reused from personal accounts. Be particularly vigilant about your work email — if your personal email is compromised, criminals will use it to attempt to reset your work accounts. Never use your work email address for personal online accounts.

Separating Work and Personal Activity

If possible, use your work device only for work purposes. Do not use your work device for personal browsing, personal email, or personal social media — and do not let family members use your work device. If you must use a personal device for work, ensure it has up-to-date endpoint security and that work accounts use unique credentials not used on the same device for personal accounts.

Physical Security at Home

Lock your screen every time you leave your desk — Windows key + L on Windows, Control + Command + Q on Mac. Do not leave work documents visible in video calls — be conscious of what is in camera view. Shred documents containing sensitive work information rather than putting them in recycling. And ensure work calls and video meetings cannot be overheard by others in your home when discussing confidential matters. IntrusionX can provide remote work security assessments for Melbourne businesses and individuals — contact us for a free consultation.

When Using Public WiFi

Working from cafes, libraries, hotels, and co-working spaces means connecting to networks you do not control. Public WiFi networks can be monitored by other users on the same network. When you must use public WiFi for work: use your employer's VPN to encrypt all traffic; avoid accessing sensitive systems or files unless the VPN is connected; and consider using your mobile phone as a personal hotspot for particularly sensitive tasks, since 4G/5G is significantly more secure than public WiFi. Never access banking, government services, or business systems on public WiFi without a VPN.

Your Personal Responsibility

Remote workers share responsibility for security with their employer. Understand your organisation's remote work security policy — most businesses with any security maturity have one. Follow the procedures it specifies, including device encryption, VPN use, and screen locking. Report any suspected security incidents to your IT team promptly — an early report of a suspicious email or unexpected access attempt allows the organisation to respond before damage occurs. And be aware that if your personal device is used for work and it becomes compromised, you may be a vector for a much larger incident affecting your entire organisation. IntrusionX provides remote work security assessments for Melbourne businesses and can advise on policies and technical controls — contact us for a free consultation.