Before the coronavirus pandemic hit, working from home used to be a novelty for many employees. According to a June 2020 IBM Security and Morning Consult “Work From Home Survey,” 80% of respondents say they worked from home either rarely or not at all prior to the pandemic. In-office work allowed employers and information technology (IT) teams to manage and implement security measures and protocols at a central location.

Now, remote work has become the norm for many and could become a mainstay for some companies. A hybrid in-office work approach also may be an option. Yet, more than 50% of employees surveyed don’t have updated company security policies to navigate potential threats while working from home.

Security challenges can arise every time there’s a shift to your environment. New vulnerabilities may surface, and cyber attacks still remain relentless. But, there are basic steps you can take to reduce the risk of a compromise. Here are a few things to consider when securing your environment in a remote work or a hybrid in-office setting.

Remote Workforce Common Security Challenges

Remote work has its benefits; it can provide more flexibility and potential work-life balance. But, it can also present challenges if employees let their guard down, especially when it comes to securing data.


Employees may not consider company security policies when at home. For example, employees may allow their children to use corporate laptops to play games. Or, they may use their personal laptops for work purposes. The recent survey found that 52% of respondents are using their personal laptops for work with no tools to secure them.

These activities can lead to a compromise of the device and the connected network. Ideally, all employees should try to use corporate-provided devices. These devices should have security controls in place, such as firewalls, endpoint detection and response and antivirus software. However, employees may inadvertently disable these controls because they are “slowing them down.” Before turning off certain controls, team members should consult with their IT department.


A common misperception is that data is protected when connected to a company’s virtual private network (VPN). A VPN does encrypt traffic between the user and a corporate network, but it does not stop a threat actor from accessing and compromising the internal network.

Incident Response

Responding to a compromise can be challenging. Most incident response teams are in one location. They have technologies, people and evidentiary information at their fingertips. Today, those teams are also working from home, which can make investigating a breach more difficult.

For example, if an employee’s home network is compromised, an incident responder cannot go to the person’s house to access and investigate the network. The employee would have to ship the infected device to the investigator, which extends the window of opportunity for an attacker to move deeper into the environment.


Installing patches can also be tricky. Corporate devices automatically download patches to fix vulnerabilities. Those devices need to be connected to the corporate network to receive those patches.

Downloading a patch requires a steady VPN or network connection. This process can be stalled or not completed if employees need to connect through VPN, which can easily disconnect with a shaky internet connection.

Some companies may perform automated patching overnight. The patching will not work if those devices are powered down.


Fraudulent emails purporting to be from reputable companies are a common attempt to gain personal data. And, employees working remotely aren’t immune to these scams. Employees clicking on these malicious links can give threat actors access to personal and company information.

Multifactor authentication provides extra security by requiring two or more credentials to log in to an account. This makes it harder for bad actors to get access to usernames and passwords.

Additionally, make sure employees set their device’s software to update automatically so it can easily address any new security threats.


Hybrid In-Office Workforce Common Security Challenges

A hybrid workforce model can bring the same kinds of challenges to those who work at home some days and in an office on other days.

Compromised Network

A company’s entire network could be compromised if an employee uses an infected device in the office. In many cases, devices previously trusted to connect to a corporate network will automatically connect again without requiring re-authentication, eliminating a layer of security.

Infected Documents

Infected documents also can cause problems. For example, an employee’s laptop unknowingly becomes compromised because they open a malware-infected document on their corporate laptop at home. They email that document to a coworker working in the office. Once the co-worker opens the email, their laptop becomes compromised and so does any network connected to it.

Reducing Risks

The key for any business is to have a data protection and security plan built for whatever workforce model is chosen.

Separate Network

One of the most effective steps is to set up a separate network for employees who work from home. They could use a VPN to access that network and have limited access to servers and company information.

Security and IT teams can also do the following:

  • Perform a preliminary check on remote employees’ devices before they return to the office.
  • Ensure security controls are on.
  • Add an extra layer of protection to the VPN with automated security checks before allowing a device to connect to the network.
  • Deploy additional network segmentation for employees’ machines to connect to when they return to the office.
  • Perform authentication and authorization checks before granting access to the corporate network.
  • Limit employees’ access to only the data they need to do their jobs.
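
The checks in the list above can be combined into a single admission decision that runs before a device joins the network. The sketch below is an added example, not code from the article or from IBM; the thresholds, control names, roles, resource names and segment names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Thresholds, control names, roles and segment names are assumptions for this example.
MAX_PATCH_AGE = timedelta(days=30)
MAX_AUTH_AGE = timedelta(hours=12)
REQUIRED_CONTROLS = ("firewall", "edr", "antivirus")
ROLE_RESOURCES = {"finance": {"erp"}, "engineering": {"git", "ci"}}

@dataclass
class DeviceReport:
    corporate_managed: bool
    controls: dict            # control name -> enabled?, as reported by the endpoint
    last_patched: datetime
    last_user_auth: datetime
    roles: tuple

def admit(report, now):
    """Return (segment, allowed_resources, reasons) for a connecting device."""
    if now - report.last_user_auth > MAX_AUTH_AGE:
        # A previously trusted device must not reconnect without re-authentication.
        return "deny", set(), ["re-authentication required"]
    reasons = []
    if not report.corporate_managed:
        reasons.append("unmanaged device")
    reasons += [f"{c} disabled" for c in REQUIRED_CONTROLS if not report.controls.get(c, False)]
    if now - report.last_patched > MAX_PATCH_AGE:
        reasons.append("patches out of date")
    if reasons:
        # Failing posture: isolate on a segment that can only reach remediation.
        return "quarantine", {"patch-server"}, reasons
    allowed = set()
    for role in report.roles:  # least privilege: only what the user's roles need
        allowed |= ROLE_RESOURCES.get(role, set())
    return "corporate", allowed, []

# Constructed sample devices (not real data).
NOW = datetime(2020, 9, 1, 9, 0, tzinfo=timezone.utc)
ALL_ON = {c: True for c in REQUIRED_CONTROLS}
HEALTHY = DeviceReport(True, ALL_ON, NOW - timedelta(days=5), NOW - timedelta(hours=1), ("finance",))
RETURNING = DeviceReport(True, {**ALL_ON, "edr": False}, NOW - timedelta(days=45),
                         NOW - timedelta(hours=1), ("engineering",))
STALE = DeviceReport(True, ALL_ON, NOW - timedelta(days=5), NOW - timedelta(days=3), ("finance",))

if __name__ == "__main__":
    for name, dev in (("healthy", HEALTHY), ("returning", RETURNING), ("stale", STALE)):
        print(name, admit(dev, NOW))
```

The returning laptop with a disabled control and old patches lands on the quarantine segment rather than the corporate one, which is the behavior the preliminary check and extra segmentation are meant to enforce.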

Cyber Hygiene

More than 50% of survey respondents are not aware of new company policies related to customer data, password management and video conferencing following a transition to working from home.

Maintaining cyber hygiene best practices is critical to a company’s security measures. Businesses should host quarterly security awareness trainings to educate employees on risk management in a remote work environment. It’s also important to remind employees of best practices when they return to the office.

Penetration Testing

Finally, perform penetration testing, especially against the internal network. An internal network penetration test can simulate a compromised machine.

A simulated attack can connect to the network and show where a threat actor could move after compromising an employee’s machine.

You should also implement an ongoing vulnerability management program to continuously identify, prioritize and patch high-risk vulnerabilities that an attacker may leverage. Plus, perform an adversary simulation engagement to find gaps in your remote incident response programs.

Learn how IBM’s X-Force Red’s team of hackers can help your organization.

