Remote work has normalised the practice of staff accessing company systems from home environments. While this shift has delivered clear benefits for productivity and retention, it has also expanded the attack surface that organisations need to defend. Our network penetration testing engagements consistently reveal misconfigurations in remote access infrastructure — frequently enough that remote access is one of the first paths we probe on every assessment.

Understanding where the risks lie is the first step towards managing them. Below are the five most common remote working cyber security risks we see across organisations of all sizes.

1. Increased phishing susceptibility

Remote workers lack the informal oversight that comes with sitting alongside colleagues. In an office, a suspicious email can be quickly checked with the person next to you. At home, that safety net disappears. Attackers know this and craft targeted phishing emails that impersonate legitimate contacts, IT support, or senior leadership to harvest credentials and sensitive data.

The isolation of remote work makes employees more likely to act on a convincing phishing email without pausing to verify it. This is why social engineering assessments, including simulated phishing campaigns, are one of the most effective ways to identify behavioural vulnerabilities before a real attacker exploits them.

2. Weak authentication methods

Many organisations still rely on single-factor authentication for remote access. If a username and password combination provides access to a VPN, email, and internal systems, the compromise of one credential can unlock the entire network.

Multi-factor authentication (MFA) using time-based tokens adds a valuable layer of protection, though sophisticated phishing attacks can still capture both a password and a one-time code in real time. Certificate-based authentication paired with user credentials offers the strongest protection, though implementation requires careful planning around device distribution and service compatibility.

During our network penetration tests, weak or misconfigured remote access authentication is one of the most common findings. It is also one of the easiest to fix.

3. Home broadband router limitations

Consumer-grade home routers lack the security features that are standard in corporate network environments. There is no content filtering to block access to known malicious websites, no intrusion detection, and limited firewall controls to restrict unauthorised outbound communication.

This means that a compromised device on a home network has fewer barriers between it and an attacker's command-and-control infrastructure. Software-based compensations can help: endpoint antivirus products with integrated web filtering, host-based firewalls, and DNS-level protections all reduce the gap, but they require deliberate configuration and ongoing management.

4. Update and patching gaps

Machines that were previously configured to pull updates from on-premise servers may lose connectivity to those update sources when working remotely. This can affect operating system patches, security policy updates, and antivirus definitions.

Group policy configurations that automatically distributed security settings across the office network may become inaccessible to remote devices, leaving them running outdated software with known vulnerabilities.
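One way to surface this gap from endpoint check-in data is sketched below. It is an added example, not code from the original article. It flags devices whose OS patches, antivirus definitions or policy refresh have gone stale, and separates hosts where every channel stopped at once (the pattern a lost path to on-premise update sources produces) from single-agent faults. The field names, age thresholds and sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed maximum age in days per update channel; tune to your own patch policy.
MAX_AGE_DAYS = {"os_patch": 35, "av_definitions": 3, "policy_refresh": 7}

# Constructed check-in records with hypothetical field names, as might be
# exported from an endpoint management tool. None means "never reported".
CHECKINS = [
    {"host": "LAPTOP-01", "os_patch": "2024-05-28",
     "av_definitions": "2024-06-02", "policy_refresh": "2024-06-03"},
    {"host": "LAPTOP-02", "os_patch": "2024-03-12",
     "av_definitions": "2024-03-14", "policy_refresh": "2024-03-13"},
    {"host": "LAPTOP-03", "os_patch": "2024-05-20",
     "av_definitions": "2024-05-20", "policy_refresh": "2024-06-02"},
    {"host": "LAPTOP-04", "os_patch": "2024-05-30",
     "av_definitions": "2024-06-03", "policy_refresh": None},
]
NOW = datetime(2024, 6, 3, 12, 0)  # fixed so the sample is reproducible


def stale_channels(record, now):
    """Map each overdue channel to its age in whole days (None = never seen)."""
    overdue = {}
    for channel, limit in MAX_AGE_DAYS.items():
        raw = record.get(channel)
        age = None if raw is None else now - datetime.fromisoformat(raw)
        if age is None or age > timedelta(days=limit):
            overdue[channel] = None if age is None else age.days
    return overdue


def triage(checkins, now):
    """Return {host: (verdict, overdue)} for hosts with a stale channel."""
    results = {}
    for record in checkins:
        overdue = stale_channels(record, now)
        if overdue:
            # Every channel stale at once points at lost reach to the update
            # sources rather than a fault in one agent.
            all_stale = len(overdue) == len(MAX_AGE_DAYS)
            results[record["host"]] = ("no-update-path" if all_stale else "partial", overdue)
    return results


if __name__ == "__main__":
    for host, (verdict, overdue) in triage(CHECKINS, NOW).items():
        print(host, verdict, overdue)
```
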

5. Unapproved software installation

Without the oversight that comes with an office environment, users are more likely to install third-party applications on work devices. Legitimate software downloads often bundle additional programs, browser extensions, or toolbars that introduce new vulnerabilities.

With a greater number of installed applications comes a greater risk that one of those applications contains a vulnerability that goes unpatched. Untracked applications sit outside IT maintenance cycles and security update processes, creating blind spots in the organisation's security posture.

Application whitelisting and endpoint detection and response (EDR) solutions can significantly reduce this risk, but they need to be configured and monitored proactively.

What this means for your organisation

Remote working is here to stay for most organisations. The risks outlined above are not theoretical. They are the vulnerabilities we find and exploit during real-world security assessments, and they are the same ones that criminal attackers are targeting every day.

The good news is that each of these risks is manageable. A combination of network penetration testing to assess your remote access infrastructure, social engineering assessments to test your people, and cloud security reviews to evaluate your distributed environment gives you a clear, evidence-based picture of where your vulnerabilities lie.

If your organisation has adopted remote or hybrid working and has not yet tested the security of that arrangement, now is the time to do so. Get in touch and we will explain the straightforward steps you can take towards a more resilient setup.