Conversations Over Cyber Coffee: Can Your Security Handle a Flexible Workspace?

This year we started bringing people across the Secure ISS community together for a Cyber Coffee, a relaxed 30-minute virtual chat where everyone can talk about the real-world challenges shaping cybersecurity across Australia. We've run two so far, and these practical, strictly 30-minute chats are quickly becoming a highlight of our calendar. Our April session is coming up, and we'd love to have you join us! 😉

At our latest catch-up, a fantastic question was raised: how should business leaders respond to the downstream impacts of global change on their workforce?

We all know the ongoing conflict in the Middle East has pushed up oil prices and the broader cost of living. That financial pressure falls squarely on your people. Because of this, plenty of organisations are at the very early stages of taking a fresh look at flexible work arrangements to help employees out.

We're far from COVID-like settings, but thinking about these issues ahead of time shows quality leadership when it matters. Unlike the sudden shift to remote work a few years ago, you can make these decisions thoughtfully. If you do implement a few work arrangement changes, your security posture simply needs to be ready to support them, so a quick refresher there is in order too.


Practical Steps for Flexible Work Security

To date, despite the global uncertainty, our SOC has not observed a major spike in targeted attacks from the region. That said, this is still a good time to review your controls. The measures below are strong baseline security practices whether your team is in the office, working remotely, or doing a bit of both. They are the kind of foundations that will serve your organisation well no matter how things evolve.

  • Multi-Factor Authentication (MFA)
    If you are not enforcing MFA across every account, start here. It remains one of the strongest protections against compromised credentials, especially for remote access.

  • Conditional Access
    Put sensible guardrails around who can log in, from where, and under what conditions. If your team should only be logging in from Australia, block the rest.

  • Endpoint Detection and Response (EDR) & Device Control
    Wherever possible, keep remote access limited to company-issued devices. Managed laptops with EDR give you far more visibility and far more control than personal devices ever will.

  • Phishing Awareness Training
    If work habits are changing, refresh your phishing training early. Remote staff are often more exposed to social engineering, and a timely reminder can go a long way.

  • Threat Intelligence (Blacklists)
    Keep your threat feeds current so known malicious domains and IPs can be blocked before they become a problem.

  • Audit All AD Accounts
    Review Active Directory regularly and clean up dormant or forgotten accounts. The fewer open doors you leave behind, the better.

  • Audit Privileged Access
    Take a hard look at Domain Admins, Enterprise Admins, and anyone else with elevated access. Too much privilege in the wrong place can cause real damage.

  • Corporate Password Manager
    A corporate password manager is still one of the easiest wins. It helps reduce password reuse and stops credentials being shared loosely across teams.

  • Patch Management
    Make sure off-site devices are still being patched properly. Too many remote endpoints get missed, and that is where avoidable risk creeps in.

  • Secure DNS Routing
    Route DNS queries through your corporate infrastructure and avoid split tunnelling where you can. You want remote traffic to stay visible and protected.

  • Data Loss Prevention (DLP)
    DLP controls help stop sensitive data from being moved into personal or unapproved cloud storage, where it can quickly get out of hand.
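
For the "Audit All AD Accounts" and "Audit Privileged Access" items above, a read-only review can be scripted as follows. This is an added example, not Secure ISS's own tooling; it assumes the RSAT ActiveDirectory PowerShell module, and the 90-day dormancy threshold and the output file name are assumptions to adjust to your own policy.

```powershell
# Added example: read-only audit, nothing is disabled or deleted.
Import-Module ActiveDirectory

$DormantDays = 90                                   # assumption: your policy may differ
$Cutoff      = (Get-Date).AddDays(-$DormantDays)
$PrivGroups  = 'Domain Admins', 'Enterprise Admins' # groups named in the checklist

# Map each privileged user to the groups that grant the access.
# -Recursive expands nested groups, which is where forgotten admins tend to hide.
$Privileged = @{}
foreach ($group in $PrivGroups) {
    try {
        $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop
    } catch {
        # Enterprise Admins only exists in the forest root domain.
        Write-Warning "Could not read '$group': $($_.Exception.Message)"
        continue
    }
    foreach ($m in ($members | Where-Object { $_.objectClass -eq 'user' })) {
        if (-not $Privileged.ContainsKey($m.SamAccountName)) {
            $Privileged[$m.SamAccountName] = @()
        }
        $Privileged[$m.SamAccountName] += $group
    }
}

# LastLogonDate is derived from lastLogonTimestamp, which can lag by up to
# about 14 days between domain controllers, so treat the cutoff as approximate.
$Report = Get-ADUser -Filter 'Enabled -eq $true' `
        -Properties LastLogonDate, PasswordLastSet, whenCreated |
    ForEach-Object {
        # An account that has never logged on is dormant once it is older than the cutoff.
        $dormant = if ($_.LastLogonDate) { $_.LastLogonDate -lt $Cutoff }
                   else                  { $_.whenCreated   -lt $Cutoff }
        [pscustomobject]@{
            Account         = $_.SamAccountName
            LastLogon       = $_.LastLogonDate
            PasswordLastSet = $_.PasswordLastSet
            Dormant         = $dormant
            PrivilegedVia   = $Privileged[$_.SamAccountName] -join ', '
        }
    } |
    Where-Object { $_.Dormant -or $_.PrivilegedVia }

# Full list for the review meeting; dormant privileged accounts shown first on screen.
$Report | Export-Csv -Path .\ad-access-review.csv -NoTypeInformation
$Report | Where-Object { $_.Dormant -and $_.PrivilegedVia } | Format-Table -AutoSize
```

Accounts that are both dormant and privileged are the ones to review first; service accounts will often appear as dormant and need an owner to confirm them before any clean-up.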


A Proactive Approach

The point here is not to overreact. It is to be thoughtful and make sensible decisions that support your people without allowing security to drift. As work arrangements change, your controls need to be ready to adapt with them.

Need a hand reviewing or implementing these measures? Let's chat.

Better yet, we tackle these exact topics every month. If you're exploring flexible work models and want to know how other Australian businesses are securing them, come join us for a Cyber Coffee! Save your spot for our next session here.

Australia is secure when
Australian talent defends it.

Reach out today to discuss how, with Lumara, we can work together to protect your business from the always-changing Australian threat landscape.