Before the coronavirus pandemic hit, working from home used to be a novelty for many employees. According to a June 2020 IBM Security and Morning Consult “Work From Home Survey,” 80% of respondents say they worked from home either rarely or not at all prior to the pandemic. In-office work allowed employers and information technology (IT) teams to manage and implement security measures and protocols at a central location.

Now, remote work has become the norm for many and could become a mainstay for some companies. A hybrid in-office work approach also may be an option. Yet, more than 50% of employees surveyed don’t have updated company security policies to navigate potential threats while working from home.

Security challenges can arise every time there’s a shift to your environment. New vulnerabilities may surface, and cyber attacks still remain relentless. But, there are basic steps you can take to reduce the risk of a compromise. Here are a few things to consider when securing your environment in a remote work or a hybrid in-office setting.

Remote Workforce Common Security Challenges

Remote work has its benefits; it can provide more flexibility and potential work-life balance. But, it can also present challenges if employees let their guard down, especially when it comes to securing data.


Employees may not consider company security policies when at home. For example, employees may allow their children to use corporate laptops to play games. Or, they may use their personal laptops for work purposes. The recent survey found that 52% of respondents are using their personal laptops for work with no tools to secure them.

These activities can lead to a compromise of the device and the connected network. Ideally, all employees should try to use corporate-provided devices. These devices should have security controls in place, such as firewalls, endpoint detection and response and antivirus software. However, employees may inadvertently disable these controls because they are “slowing them down.” Before turning off certain controls, team members should consult with their IT department.


A common misperception is that data is protected when connected to a company’s virtual private network (VPN). A VPN does encrypt traffic between the user and a corporate network, but it does not stop a threat actor from accessing and compromising the internal network.

Incident Response

Responding to a compromise can be challenging. Most incident response teams are in one location. They have technologies, people and evidentiary information at their fingertips. Today, those teams are also working from home, which can make investigating a breach more difficult.

For example, if an employee’s home network is compromised, an incident responder cannot go to the person’s house to access and investigate the network. The employee would have to ship the infected device to the investigator, which extends the window of opportunity for an attacker to move deeper into the environment.


Installing patches can also be tricky. Corporate devices automatically download patches to fix vulnerabilities. Those devices need to be connected to the corporate network to receive those patches.

Downloading a patch requires a steady VPN or network connection. This process can be stalled or not completed if employees need to connect through VPN, which can easily disconnect with a shaky internet connection.

Some companies may perform automated patching overnight. The patching will not work if those devices are powered down.


Fraudulent emails purporting to be from reputable companies are a common attempt to gain personal data. And, employees working remotely aren’t immune to these scams. Employees clicking on these malicious links can give threat actors access to personal and company information.

Multifactor authentication provides extra security by requiring two or more credentials to log in to an account. This makes it harder for bad actors to get access to usernames and passwords.

Additionally, make sure employees set their device’s software to update automatically so it can easily address any new security threats.


Hybrid In-Office Workforce Common Security Challenges

A hybrid workforce model can bring the same kinds of challenges to those who are working at home some days and in an office on other days.

Compromised Network

A company’s entire network could be compromised if an employee uses an infected device in the office. In many cases, devices previously trusted to connect to a corporate network will automatically connect again without requiring re-authentication, eliminating a layer of security.

Infected Documents

Infected documents also can cause problems. For example, an employee’s laptop unknowingly becomes compromised because they open a malware-infected document on their corporate laptop at home. They email that document to a coworker working in the office. Once the co-worker opens the email, their laptop becomes compromised and so does any network connected to it.

Reducing Risks

The key for any business is to have a data protection and security plan built for whatever workforce model is chosen.

Separate Network

One of the most effective steps is to set up a separate network for employees who work from home. They could use a VPN to access that network and have limited access to servers and company information.

Security and IT teams can also do the following:

  • Perform a preliminary check on remote employees’ devices before they return to the office.
  • Ensure security controls are on.
  • Add an extra layer of protection to the VPN with automated security checks before allowing a device to connect to the network.
  • Deploy additional network segmentation for employees’ machines to connect to when they return to the office.
  • Perform authentication and authorization checks before granting access to the corporate network.
  • Limit employees’ access to only the data they need to do their jobs.
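
The checks in this list can be combined into one admission decision made each time a device connects. The sketch below is an added example, not code from the article or from IBM; the segment names, field names and the 30-day patch threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Tuple

MAX_PATCH_AGE_DAYS = 30  # assumed policy threshold, not from the article

@dataclass
class DevicePosture:
    device_id: str
    corporate_owned: bool
    firewall_on: bool
    edr_running: bool
    antivirus_on: bool
    last_patched: date
    mfa_passed: bool  # fresh authentication for this connection attempt

def admission_decision(p: DevicePosture, today: date) -> Tuple[str, List[str]]:
    """Return (segment, reasons). Remembered trust from earlier sessions is never an input."""
    if not p.mfa_passed:
        return "deny", ["authentication not completed"]
    failures = []
    if not p.firewall_on:
        failures.append("firewall disabled")
    if not p.edr_running:
        failures.append("EDR not running")
    if not p.antivirus_on:
        failures.append("antivirus disabled")
    if (today - p.last_patched).days > MAX_PATCH_AGE_DAYS:
        failures.append("patches older than %d days" % MAX_PATCH_AGE_DAYS)
    if failures:
        return "quarantine", failures  # isolated segment until remediated
    if not p.corporate_owned:
        return "restricted", ["personal device"]  # least-privilege segment
    return "corporate", []

# Constructed sample devices (not real inventory data).
TODAY = date(2020, 9, 1)
SAMPLES = [
    DevicePosture("lt-001", True, True, True, True, date(2020, 8, 20), True),
    DevicePosture("lt-002", True, True, False, True, date(2020, 6, 1), True),
    DevicePosture("byod-7", False, True, True, True, date(2020, 8, 25), True),
    DevicePosture("lt-003", True, True, True, True, date(2020, 8, 30), False),
]

if __name__ == "__main__":
    for d in SAMPLES:
        segment, reasons = admission_decision(d, TODAY)
        print(d.device_id, segment, "; ".join(reasons))
```

Because the decision is recomputed on every connection, a laptop that was trusted before it left the office still has to pass authentication and the control checks when it returns.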

Cyber Hygiene

More than 50% of survey respondents are not aware of new company policies related to customer data, password management and video conferencing following a transition to working from home.

Maintaining cyber hygiene best practices is critical to a company’s security measures. Businesses should host quarterly security awareness trainings to educate employees on risk management in a remote work environment. It’s also important to remind employees of best practices when they return to the office.

Penetration Testing

Finally, perform penetration testing, especially against the internal network. An internal network penetration test can simulate a compromised machine.

A simulated attack can connect to the network and show where a threat actor could move after compromising an employee’s machine.

You should also implement an ongoing vulnerability management program to continuously identify, prioritize and patch high-risk vulnerabilities that an attacker may leverage. Plus, perform an adversary simulation engagement to find gaps in your remote incident response programs.

Learn how IBM’s X-Force Red’s team of hackers can help your organization.

