Home networks, unsanctioned tools and the use of personal devices – they all expand the surface of a cyber-attack. Remote working is here to stay, so is your business covering all its cybersecurity bases?
Working from home or from anywhere outside the office has become a normal part of business life. It offers flexibility, saves commuting time and helps attract and retain talent.
But while the benefits are clear, remote and hybrid working also increase a company’s exposure to security challenges that many businesses have yet to fully address. In a world where the next cybersecurity threat is just around the corner (quite possibly attached to your next email), your business needs to ensure resilience is built into its remote working framework and policies, especially as the risks are not always obvious and go beyond the issue of a vulnerable home internet connection.
Lack of Physical Security:
To protect your business, it takes more than tech and processes. You and your employees are your first line of defence, so it’s vital you are vigilant to potential security threats beyond those of an online nature.
- The potential for data leaks and data loss is all around us, such as leaving a laptop open in a co-working space to step outside and take a call, or working in a café or train carriage, where shoulder surfing is always a possibility.
- Lost or stolen devices remain another common problem. A laptop accidentally left on a train or stolen from a car boot may give someone direct access to business information if it is not properly encrypted or protected by strong login controls.
Use of Personal Devices (BYOD):
Laptops, phones and tablets used for both personal and work purposes are vulnerable to security threats. Employees may store sensitive business data on personal devices outside company monitoring. Lack of centralised patching, encryption, or monitoring increases the likelihood of data leaks or data loss:
- Unencrypted storage: Sensitive files may be stored in plain form on personal devices, easily accessed if the device is lost or stolen.
- Uncontrolled sharing: Employees may accidentally forward or upload data to personal email, cloud storage, or messaging apps.
- Password reuse: Reusing passwords between personal and work accounts is common.
- Phishing exposure: Personal devices may be used for risky browsing or app downloads, increasing the chance of malware infection.
- Compliance risks: Data stored outside company-approved systems can violate GDPR, HIPAA, PCI DSS, or other regulations.
- Account compromise: If a personal device is hacked, attackers could gain access to corporate credentials stored in browsers or apps.
Unsecured Wi-Fi:
- Public hotspots in hotels, airports or coffee shops are convenient, but they can be set up by criminals or left unprotected. Cyber criminals can intercept traffic via man-in-the-middle (MITM) attacks.
- Logging into work systems on these networks risks exposing passwords, emails and company data.
- Even at home, a router may be using the manufacturer’s default password and/or out-of-date security settings – have you checked yours?
Remote Logins:
- Remote logins expand the attack surface for brute force or credential stuffing.
- In the office, authentication often happens inside a private network shielded by firewalls. With remote work, VPN portals, Office 365 and cloud logins are exposed on the public internet.
- Remote logins are open 24/7.
Greater Autonomy and Unapproved Tools:
- Remote workers often have more freedom to install software, plugins or apps on personal or company devices, such as risky extensions, file sharing or messaging platforms, which can contain malware or data-harvesting features.
Lack of Central IT Oversight:
- Remote devices may run outdated operating systems, browsers, or apps. This creates entry points for ransomware and malware.
- Lack of real-time IT monitoring:
  - In the office, unusual downloads might be detected and blocked quickly.
  - Detection lags with remote endpoints.
- Abnormal login attempts are harder for IT to spot in off-prem environments.
Phishing and Social Engineering:
- Remote workers rely heavily on email, chat, and collaboration tools, ie prime phishing channels.
- Fake login pages, CEO fraud, and spear phishing are harder to spot without in-office verification.
DIY Troubleshooting:
- Remote working means staff do not always have the same immediate access to IT support that they would in the office. If something suspicious happens, like a strange pop-up or a failed login attempt, an employee might delay reporting it or try to fix it themselves, potentially causing more harm than good.
How to Reduce the Risks while Remote Working
The good news is that businesses can take simple, practical steps to make remote working secure without creating extra barriers for staff.
- Mobile Device Management: Gives businesses a way to secure, monitor and manage smartphones and laptops, including:
  - Password policies, encryption and screen locks.
  - Required OS and app updates to patch vulnerabilities.
  - Remote wipe and lock.
  - App management.
  - Data protection and compliance, eg data loss prevention policies and encrypting work data separately from personal data in BYOD scenarios.
  - Secure access controls – enforce VPN, MFA and certificates for remote logins.
If MDM is not an option, then many of the above mitigations can be implemented individually:
- Strong, unique passwords using 3 random words or a password manager.
- Multi-factor authentication: Requiring a code sent to a phone or an authentication app adds an extra layer of security.
- Secure connections: Encouraging staff to exercise caution when using public Wi-Fi, or to use a company-approved VPN for safe access.
- Regular updates: Making sure all devices install the latest security patches automatically, protecting them from new vulnerabilities.
- Awareness training and a culture of cybersecurity: Teaching staff about risks like shoulder surfing, unattended devices and phishing emails. Also essential is an open culture which encourages staff to report anything suspicious, or any near misses – immediately and without fear of repercussions.
Turning Risk into Advantage
Remote working is here to stay, and the businesses that succeed will be the ones that combine flexibility with security. Companies that put strong protections in place gain more than just peace of mind. They attract top talent who value flexible working, they save on office space and running costs, and they gain resilience by being able to continue operations even if staff cannot get to the office.
In short, secure remote working is not a burden. It is an opportunity. With the right safeguards, your business can enjoy the benefits of a modern, flexible workforce while keeping your data, reputation and customers safe.
If you’d like to know more about the measures you could put in place to keep your remote workers more secure online, please get in touch with us at:
info@comprendo.co.uk / 0345 527 4394