Keeping Remote Workers Secure: AMVIA Cybersecurity Guide
Remote and hybrid working permanently expanded the attack surface for UK businesses. Securing remote workers requires endpoint protection, secure access, identity controls and clear policies — not just a VPN and a hope for the best.
Sophie Moore
Operations Manager
The security challenge of the distributed workforce
When the entire workforce operated from a single office, the security perimeter was relatively clear: a corporate network with controlled entry points, managed devices, and physical access controls. Remote working dismantled this model. Employees now access corporate systems from home networks, hotel Wi-Fi, personal devices, and coffee shops — environments the IT team has no visibility into and no control over.
The UK Cyber Security Breaches Survey has consistently shown that the shift to remote working increased the frequency of security incidents. The root causes are predictable: inadequate device security on personal equipment, use of home Wi-Fi with poor security, shadow IT applications used to circumvent corporate controls, and the absence of in-person verification, which makes social engineering more effective over digital channels.
Securing the device: managed endpoints for remote workers
The most reliable way to secure remote workers is to ensure they use managed devices — laptops and mobiles issued and configured by the IT team, with consistent security policies enforced regardless of location. Managed devices should have:
- Full-disk encryption (BitLocker on Windows, FileVault on macOS) so that a stolen device does not expose company data
- Endpoint detection and response (EDR) software providing behavioural threat detection that operates even without a corporate network connection
- Automatic patching to ensure operating systems and applications remain up to date when devices are not regularly connected to a corporate network
- Mobile Device Management (MDM) via Microsoft Intune or similar, enforcing configuration policies and enabling remote wipe if a device is lost or stolen
Where personal devices (BYOD) are permitted, a mobile device management solution can apply a separate managed work profile, maintaining a security boundary between personal and corporate data without requiring full control of the personal device.
Securing access: zero trust and identity controls
Network access controls that once assumed anyone inside the corporate network was trustworthy are inadequate for remote working. Zero trust architecture — where every access request is verified regardless of where it originates — is the appropriate model.
In practice, this means:
- Multi-factor authentication on all cloud services: Microsoft 365, Salesforce, HR platforms, finance systems — any application with remote access must require MFA
- Conditional access policies: Microsoft Entra ID (formerly Azure AD) conditional access can enforce policies that require compliant managed devices, block access from high-risk locations, and require MFA step-up for sensitive operations
- VPN or zero trust network access (ZTNA): For access to on-premises systems, a VPN provides an encrypted tunnel. For larger or more security-conscious organisations, a ZTNA solution provides more granular, application-level access without routing all traffic through a corporate VPN
Securing communication: encrypted channels
Remote workers communicate through a wider range of channels than office workers — messaging apps, video calls, personal email, file sharing links. Each channel introduces potential for data leakage or interception.
Standardising on a corporate communication platform — Microsoft Teams for messaging, calls and file sharing within Microsoft 365 — provides encrypted communications with audit logging and data governance. Personal messaging apps should not be used for business communications containing sensitive information.
Home network security
The home router is an unmanaged device into which the IT team has no direct visibility. Common risks include default admin credentials that have never been changed, unpatched router firmware, and personal IoT devices on the same network as work equipment. Basic guidance for employees includes: change the default admin password on the home router, ensure Wi-Fi uses WPA3 or WPA2 encryption, and consider a separate guest network for personal devices to isolate work equipment.
IT teams cannot control home network security, but they can reduce dependence on it by ensuring that work devices are secured at the endpoint level and that cloud services require MFA, so that a compromised home network does not automatically translate into a compromised work account.
Security awareness for remote workers
Remote workers face the same phishing and social engineering threats as office workers, but with fewer informal social checks: they cannot glance across the desk and ask a colleague whether a suspicious email looks legitimate. Security awareness training specific to the remote working context, covering home network security, recognition of phishing attempts, and correct use of approved communication channels, is an important supplement to technical controls.
AMVIA helps UK businesses secure their remote and hybrid workforces with managed endpoint protection, MDM configuration, Entra ID conditional access, and ongoing security monitoring — providing a consistent security posture regardless of where employees are working from.
Do You Know What Security Your Remote Workers Have?
Many businesses discovered security gaps in their remote working setup only after an incident. AMVIA can audit your remote worker security and close the gaps before they are exploited.
Frequently Asked Questions
A VPN encrypts traffic between the remote device and the corporate network, which is a useful control. However, a VPN does not protect the device itself, does not prevent credential phishing, and does not address threats that operate within the encrypted tunnel (such as malware already present on the device). VPN is one layer in a complete remote security architecture, not a standalone solution.
Conditional access policies in Microsoft Entra ID allow you to define conditions under which access to corporate resources is granted. For example: require MFA for all remote logins, block access from non-compliant devices, require trusted locations for access to sensitive applications. These policies enforce security requirements at the point of authentication regardless of where the user is connecting from.
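A way to check that such policies actually enforce what is intended, as an added example that is not AMVIA's code. It audits an exported policy list for the MFA and compliant-device requirements described above; field names follow the Microsoft Graph conditionalAccessPolicy resource, the sample policies are constructed, and only built-in grant controls are considered (an assumption that ignores authentication strengths and custom controls).

```python
# Constructed sample data, not a real tenant export.
SAMPLE_POLICIES = [
    {"displayName": "Require MFA - all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["breakglass-id"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Require compliant device", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
]

def _covers_everyone(policy):
    # True when the policy targets all users and all cloud apps.
    cond = policy.get("conditions", {})
    users = cond.get("users", {}).get("includeUsers", [])
    apps = cond.get("applications", {}).get("includeApplications", [])
    return "All" in users and "All" in apps

def _requires(policy, control):
    # With operator OR and several controls, a user may satisfy a different
    # one, so the control is only guaranteed if it is alone or the operator is AND.
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if control not in controls:
        return False
    return grant.get("operator") == "AND" or len(controls) == 1

def audit_policies(policies):
    """Return a list of findings for the MFA and compliant-device baselines."""
    findings = []
    for control in ("mfa", "compliantDevice"):
        matching = [p for p in policies if _covers_everyone(p) and _requires(p, control)]
        enforced = [p for p in matching if p.get("state") == "enabled"]
        if not matching:
            findings.append(f"no policy requires {control} for all users and apps")
        elif not enforced:
            # Report-only or disabled policies log results but block nothing.
            findings.append(f"{control} requirement exists but is not enforced")
        for p in enforced:
            excluded = p["conditions"]["users"].get("excludeUsers", [])
            if excluded:
                findings.append(f"{p['displayName']}: {len(excluded)} excluded user(s) to review")
    return findings

if __name__ == "__main__":
    for line in audit_policies(SAMPLE_POLICIES):
        print(line)
```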
BYOD is common but introduces additional risk — personal devices may be used by family members, may lack up-to-date patches, and are harder to manage than corporate-issued equipment. If BYOD is permitted, a Mobile Device Management solution with a separate managed work profile is strongly recommended. For roles handling particularly sensitive data, corporate-issued managed devices are the more secure choice.
Remote workers should immediately report suspected incidents to their IT team or managed service provider using a pre-defined communication channel — not just email, in case email is compromised. If they believe their device may be infected, they should disconnect it from the network (Wi-Fi and ethernet) whilst keeping it powered on for forensic investigation, and avoid attempting to fix it themselves.
Microsoft Intune (and similar MDM solutions) can enforce patch compliance policies that report device patch status to the IT team and can block access to corporate resources from devices that are not up to date. Automatic update policies should be configured on all managed devices. Devices that have not checked in for an extended period should be flagged for investigation.
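The device checks described here and in the managed endpoints section can be run over an MDM export, as in this added example (not AMVIA's or Microsoft's code). Field names follow the Microsoft Graph managedDevice resource; the device records are constructed, and the 30-day threshold is an assumption because the page does not define "extended period".

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records, not a real Intune export.
SAMPLE_DEVICES = [
    {"deviceName": "LT-001", "complianceState": "compliant", "isEncrypted": True,
     "lastSyncDateTime": "2024-06-09T08:15:00Z"},
    {"deviceName": "LT-002", "complianceState": "noncompliant", "isEncrypted": True,
     "lastSyncDateTime": "2024-06-08T17:40:00Z"},
    {"deviceName": "LT-003", "complianceState": "compliant", "isEncrypted": False,
     "lastSyncDateTime": "2024-04-02T09:00:00Z"},
]

STALE_AFTER = timedelta(days=30)  # assumed threshold for "extended period"

def parse_ts(value):
    # Graph timestamps end in "Z"; older Python versions need an explicit offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_devices(devices, now, stale_after=STALE_AFTER):
    """Return {deviceName: [reasons]} for devices needing follow-up."""
    flagged = {}
    for d in devices:
        reasons = []
        if d.get("complianceState") != "compliant":
            reasons.append("not compliant")
        if not d.get("isEncrypted", False):
            reasons.append("disk not encrypted")
        last_sync = d.get("lastSyncDateTime")
        if last_sync is None:
            reasons.append("never checked in")
        elif now - parse_ts(last_sync) > stale_after:
            # A stale device may still report its last known (compliant) state.
            reasons.append(f"no check-in for {(now - parse_ts(last_sync)).days} days")
        if reasons:
            flagged[d["deviceName"]] = reasons
    return flagged

if __name__ == "__main__":
    now = datetime(2024, 6, 10, tzinfo=timezone.utc)  # fixed so the sample run is stable
    for name, reasons in audit_devices(SAMPLE_DEVICES, now).items():
        print(name, "->", ", ".join(reasons))
```

LT-003 shows why the check-in test matters: it is still recorded as compliant, but that status predates a long silence.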
Zero trust is a security model based on the principle of 'never trust, always verify' — rather than trusting users because they are on the corporate network, every access request is verified explicitly. It applies to businesses of any size. For an SME, the practical implementation of zero trust is: MFA on all services, conditional access policies, managed devices, and minimal standing permissions — capabilities available in Microsoft 365 Business Premium without significant additional investment.