Remote and hybrid working is now the norm for millions of UK businesses. But while the shift has brought flexibility and productivity benefits, it has dramatically expanded the cyber attack surface, and most SMEs have yet to fully address the new risks.
When staff work remotely, they're operating outside the protective boundary of your office network. Their home broadband, personal devices, and coffee shop Wi-Fi connections all create vulnerabilities that attackers are actively exploiting.
⚠️ Remote working increased cyber attacks on UK businesses by 238% between 2020 and 2023. The risks are real, growing, and largely preventable with the right policies and tools.
The Biggest Remote Working Security Risks
🔴 Unmanaged Personal Devices
Staff using personal laptops or phones for work means you have no control over their security software, updates, or configuration. One compromised home device can be a gateway into your business.
🔴 No VPN
Without a VPN, data sent between remote workers and your office systems travels over the internet unencrypted, potentially readable by anyone on the same network.
🟠 Home Router Vulnerabilities
Most home routers have never been updated and use default credentials. A compromised home router can intercept all traffic from that connection.
🟠 Public Wi-Fi
Staff working from cafes or hotels and connecting to public Wi-Fi without a VPN are exposing business data to anyone else on that network.
Essential Remote Working Security Controls
1. Implement a Business VPN
A VPN (Virtual Private Network) encrypts all traffic between your remote workers and your business systems. It's one of the most important tools for any business with remote staff. Options like Cisco AnyConnect, NordLayer, or Microsoft Azure VPN are reliable choices for UK SMEs.
2. Mobile Device Management (MDM)
MDM software lets you manage, monitor, and remotely wipe business devices, even if they're lost or stolen. Tools like Microsoft Intune or Jamf let you enforce encryption, password policies, and approved apps on all devices accessing business data.
3. Enable Full Disk Encryption
If a laptop is lost or stolen, full disk encryption ensures the data on it can't be accessed. BitLocker (Windows) and FileVault (Mac) are built into the operating systems and free to use; they just need to be switched on.
4. Multi-Factor Authentication on Everything
Remote access points (email, VPN, cloud apps) must all be protected with MFA. A stolen password is far less useful to an attacker if they can't pass the second authentication factor.
Remote access policy: Every business with remote workers should have a written Remote Working Security Policy. It doesn't need to be long; even a one-page document that staff sign sets clear expectations and protects you legally under GDPR.
A Remote Working Security Policy Checklist
Minimum Requirements for Remote Workers
- All devices must have up-to-date antivirus software installed
- Operating systems and software must be kept updated and patched
- Work devices must be locked when unattended (auto-lock after 5 minutes)
- Personal devices must not be used to access business systems without IT approval
- Business data must not be stored on personal cloud storage (Dropbox, iCloud etc.)
- VPN must be connected whenever accessing business systems remotely
- Public Wi-Fi must not be used without VPN protection
- Lost or stolen devices must be reported to IT within 1 hour
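An added example, not part of the original article: a short Python audit that applies the machine-checkable checklist items above to a device inventory. The records and field names are constructed and hypothetical (not a real MDM export schema), and the 30-day patch window is an assumption, since the checklist gives no figure.

```python
from datetime import datetime, timedelta

MAX_AUTO_LOCK_MIN = 5                   # checklist: auto-lock after 5 minutes
MAX_REPORT_DELAY = timedelta(hours=1)   # checklist: report loss within 1 hour
MAX_PATCH_AGE = timedelta(days=30)      # assumption: the checklist gives no figure

# Constructed sample inventory; field names are hypothetical, not a real MDM schema.
DEVICES = [
    {"host": "LAP-001", "personal": False, "it_approved": True, "av_current": True,
     "last_patched": "2024-05-20", "auto_lock_min": 5, "always_on_vpn": True,
     "lost_at": None, "reported_at": None},
    {"host": "HOME-PC-7", "personal": True, "it_approved": False, "av_current": False,
     "last_patched": "2024-01-03", "auto_lock_min": None, "always_on_vpn": False,
     "lost_at": None, "reported_at": None},
    {"host": "LAP-014", "personal": False, "it_approved": True, "av_current": True,
     "last_patched": "2024-05-25", "auto_lock_min": 15, "always_on_vpn": True,
     "lost_at": "2024-06-01T09:00", "reported_at": "2024-06-01T11:30"},
]

def audit(dev, now):
    """Return the checklist items this device record fails."""
    failures = []
    if not dev["av_current"]:
        failures.append("antivirus out of date")
    if now - datetime.fromisoformat(dev["last_patched"]) > MAX_PATCH_AGE:
        failures.append("patches overdue")
    lock = dev["auto_lock_min"]
    if lock is None or lock > MAX_AUTO_LOCK_MIN:   # None means auto-lock disabled
        failures.append("auto-lock missing or longer than 5 minutes")
    if dev["personal"] and not dev["it_approved"]:
        failures.append("personal device without IT approval")
    if not dev["always_on_vpn"]:
        failures.append("VPN not enforced")
    if dev["lost_at"]:
        lost = datetime.fromisoformat(dev["lost_at"])
        # An unreported loss is measured against the audit time.
        reported = datetime.fromisoformat(dev["reported_at"]) if dev["reported_at"] else now
        if reported - lost > MAX_REPORT_DELAY:
            failures.append("loss reported after more than 1 hour")
    return failures

def audit_all(devices, now):
    """Map each non-compliant host to its failures; compliant hosts are omitted."""
    report = {d["host"]: audit(d, now) for d in devices}
    return {host: f for host, f in report.items() if f}

if __name__ == "__main__":
    for host, failures in audit_all(DEVICES, datetime(2024, 6, 1, 12, 0)).items():
        print(host, "->", "; ".join(failures))
```

Items that need human or network-side evidence, such as personal cloud storage use or public Wi-Fi habits, are outside what an inventory record can show and are not checked here.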