Remote Worker Cybersecurity: UK Business Protection Guide

Remote workers in the UK face the same cyber threats as office-based staff — but with less visibility and control from the IT team. VPNs, endpoint security, MFA and secure communication tools are the foundations of a practical remote security programme.

Nathan Hill-Haimes

Technical Director

8 min read·Mar 2026

The remote worker security problem

When staff work from home or other remote locations, they are operating outside the controlled environment of the office network. IT teams have traditionally enforced security through network-level controls — firewalls, proxy servers, email gateways — that only function when devices are connected to the corporate network. Remote workers bypass these controls entirely when connecting directly to cloud services or the internet from home.

The UK Cyber Security Breaches Survey identifies remote working as a factor that has increased cyber risk for a proportion of businesses. The reasons are practical: home broadband routers with default credentials, personal devices shared with family members, shadow IT applications adopted for convenience, and the absence of the informal social verification that office environments provide.

VPNs for remote workers

A Virtual Private Network (VPN) creates an encrypted tunnel between the remote device and the corporate network. Traffic passes through this tunnel as if the device were in the office, allowing corporate network controls — internal firewall rules, network monitoring — to apply to remote connections.

Split tunnelling — where only traffic destined for corporate resources passes through the VPN, whilst general internet traffic goes direct — is often the default configuration as it reduces VPN server load and avoids routing personal browsing through the corporate network. Full tunnelling — where all traffic routes via VPN — provides more comprehensive monitoring but adds latency and requires a more capable VPN infrastructure.

For cloud-first organisations using Microsoft 365 and other SaaS platforms, the value of a traditional VPN is reduced, since most applications are accessed directly over the internet rather than via the corporate network. In these environments, conditional access policies and endpoint management provide more effective security than a VPN.
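
An added example (not from the original article) that models the routing decision behind split and full tunnelling and lists which flows never reach corporate network controls. The route list, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed split-tunnel route list (hypothetical corporate prefixes).
SPLIT_TUNNEL_ROUTES = ["10.0.0.0/8", "192.168.50.0/24"]

# Constructed flows from one remote laptop: (destination IP, description).
# Public addresses are from the RFC 5737 documentation ranges.
FLOWS = [
    ("10.20.30.40", "internal file server"),
    ("192.168.50.12", "intranet"),
    ("203.0.113.10", "SaaS mail"),
    ("198.51.100.7", "personal browsing"),
]


def route_for(dest, tunnel_routes, full_tunnel=False):
    """Return 'vpn' if traffic to dest enters the tunnel, else 'direct'."""
    if full_tunnel:
        return "vpn"  # full tunnelling: every destination goes via the VPN
    addr = ipaddress.ip_address(dest)
    for prefix in tunnel_routes:
        net = ipaddress.ip_network(prefix)
        if addr.version == net.version and addr in net:
            return "vpn"
    return "direct"  # split tunnelling: no matching route, goes straight out


def unmonitored(flows, tunnel_routes, full_tunnel=False):
    """Descriptions of flows that corporate network controls never see."""
    return [desc for dest, desc in flows
            if route_for(dest, tunnel_routes, full_tunnel) == "direct"]


if __name__ == "__main__":
    for mode in (False, True):
        label = "full tunnel" if mode else "split tunnel"
        print(label, "-> bypasses corporate controls:",
              unmonitored(FLOWS, SPLIT_TUNNEL_ROUTES, mode))
```

Under the split-tunnel route list the SaaS flow goes direct, which is why cloud-first environments lean on conditional access and endpoint management rather than the tunnel.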

Endpoint security for remote devices

Remote devices must be secured at the device level, since they cannot rely on network security controls. The baseline for remote worker endpoints includes:

  • Full-disk encryption: Protects data if the device is lost or stolen. BitLocker (Windows) and FileVault (macOS) are standard and can be enforced and monitored via Microsoft Intune.
  • Endpoint detection and response (EDR): Provides behavioural threat detection that operates regardless of network location. Cloud-connected EDR platforms like Microsoft Defender for Endpoint and CrowdStrike Falcon continue monitoring and reporting even when the device is off-VPN.
  • Automatic patch management: Remote devices must be kept up to date. Intune and Windows Update for Business can enforce patch compliance and report on devices that are falling behind.
  • Screen lock policies: Devices should lock automatically after a short idle period, requiring PIN, password or biometric authentication to unlock.

Identity and access management for remote access

The shift to remote work makes identity the new security perimeter. When the network boundary cannot be relied on, verifying the identity of the person attempting to access a service becomes the primary control.

  • MFA on all cloud services: Email, cloud applications and any internet-accessible service should require MFA. Microsoft Entra ID with Security Defaults enables MFA across all Microsoft 365 applications for all users.
  • Conditional access: Policies that require compliant, managed devices and known user locations before granting access to sensitive resources add a device trust layer beyond password and MFA.
  • Privileged identity management: Remote administrative access should be time-limited and require explicit elevation, preventing standing privileged access that could be exploited if credentials are compromised.
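
An added example (not from the original article, and not the Intune or Entra ID API) that models how the endpoint baseline and the conditional access conditions described above combine into one access decision. The thresholds, device records and function names are assumptions: the article gives no numbers for patch age or idle lock time.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed thresholds, chosen for illustration only.
MAX_PATCH_AGE_DAYS = 14
MAX_IDLE_LOCK_MINUTES = 10


@dataclass
class Device:
    name: str
    disk_encrypted: bool
    edr_reporting: bool
    days_since_patch: int
    idle_lock_minutes: Optional[int]  # None means no automatic lock


# Constructed inventory records.
MANAGED_LAPTOP = Device("LT-001", True, True, 3, 5)
SHARED_HOME_PC = Device("HOME-PC", False, True, 40, None)


def baseline_gaps(d):
    """Return the endpoint baseline controls this device fails."""
    gaps = []
    if not d.disk_encrypted:
        gaps.append("full-disk encryption off")
    if not d.edr_reporting:
        gaps.append("EDR not reporting")
    if d.days_since_patch > MAX_PATCH_AGE_DAYS:
        gaps.append("patches overdue")
    if d.idle_lock_minutes is None or d.idle_lock_minutes > MAX_IDLE_LOCK_MINUTES:
        gaps.append("screen lock missing or too long")
    return gaps


def access_decision(device, mfa_passed, location, known_locations, sensitive):
    """MFA is always required; sensitive resources also need a compliant
    device and a known location. Returns (allowed, reasons_for_denial)."""
    reasons = []
    if not mfa_passed:
        reasons.append("MFA not satisfied")
    if sensitive:
        reasons += ["device: " + g for g in baseline_gaps(device)]
        if location not in known_locations:
            reasons.append("unknown location")
    return (not reasons, reasons)
```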

Secure communication for remote teams

Remote workers communicate across multiple channels: email, video calls, messaging apps and file sharing. Each channel has different security properties. Standardising on a corporate communication platform such as Microsoft Teams, which provides messaging, calling, file sharing and meeting capabilities within a governed, audited environment, reduces the scatter of sensitive information across personal messaging apps and personal email.

Where employees need to share sensitive files externally, a secure sharing link with access controls (SharePoint external sharing, OneDrive with link expiry) is more appropriate than emailing files as attachments. AMVIA helps UK businesses configure their Microsoft 365 environment to support secure remote collaboration, with appropriate data governance and sharing controls.

Remote working policy

Technical controls are more effective when supported by a written remote working security policy that covers: approved devices and networks, expectations around home network security, the use of approved communication channels, reporting procedures for suspected incidents, and the conditions under which personal devices may be used for work. The policy should be signed by all remote workers and reviewed annually.

Frequently Asked Questions