Since the COVID-19 pandemic, remote work has seen a significant boost. In 2025, over 6.7 million Australian workers were working from home at least some of the time. But while remote working arrangements have their benefits, they carry risks which must be addressed. One of these risks is digital security, which becomes harder to manage when employees aren’t in a single location. So let’s take a look at the security implications of remote work, and what you can do to combat them.
Risk 1: Personal Devices
For permanent employees who work in an office, using a personal computer instead of a work-issued device is rare. But when working from home, the situation might be different; it can especially be tempting to use your own devices, especially if you’re issued a sub-par device.
Using a personal computer for work carries non-incidental risk, increases your company’s attack surface, and makes policy enforcement tough:
- A personal device is easier to compromise. Without strict anti-virus, internet filtering or security mandates, a personal device is a weaker barrier into your company’s infrastructure. For example, the LastPass breach of 2022 was possible due to a senior engineer’s personal device being compromised.
- Monitoring is a fine line. Employers expect to monitor the activity of work devices, but on a personal device it can quickly become intrusive. It’s easy to accidentally collect data about personal activities which invades the employee’s privacy. The choice becomes: risk their privacy or your security.
- Post-employment data retention. the vast majority of employees have the obligation to return all employment assets post-employment, including any digital files. When exclusively using a work-issued device, this is as simple as handing back the device. But when using a personal device, it becomes far harder to track down all files to delete them, likely leaving some residue.
The solution? Provide a high-quality work devices to all remote employees. This ensures your company’s data stays contained, lets you monitor activity without privacy risks and lets you control the attack surface through device management policies like encryption, application installation, requiring the latest operating systems, etc.
Risk 2: Insecure Networks
Corporate networks often have strict filtering policies to further reduce attack surfaces. When staff aren’t using such a network however, these surfaces naturally increase. Depending on arrangements, the quality and security of networks can differ. Consider:
Shared Working Spaces (Low Risk)
Shared working spaces are geared towards working environments, and their network security often reflects that. This is by far the most secure option, especially for non-technical users. While you won’t have fine control over policies or firewalls, the configuration by workspace management will likely be ‘good enough’.
Home Office (Low-Medium Risk)
A home office is also a controlled environment, but it’s up to the user to make it secure. Technical users will be able to configure their network to be more secure (closer to that of a corporate network) but non-technical users likely will not. This can leave you with outdated firmware or insecure defaults, and be tough to improve.
Public Wi-Fi (High Risk)
Public Wi-Fi networks are notorious for the risks they carry. From fake Wi-Fi networks to MITM attacks, there are many ways you can be compromised without realising it. Public Wi-Fi networks should not be used for working arrangements — at least not without another layer of security like a VPN.
The quickest and easiest way to ensure network security of remote workers is through a VPN or tunnelling solution. VPNs (virtual private networks) provide an encrypted layer on top of your network connection, making it ideal for insecure networks and for implementing stricter access control mechanisms like IP whitelisting.
Also, all accounts should be setup modern security standards. This might include enforcing strong passwords with a short reset interval, two-factor authentication and/or passkeys.
Risk 3: Unintentional Sharing
When working from an office environment, you naturally have a closed-off space. But when your working environment includes those outside your company, the risk of unintentionally sharing sensitive information increases.
If you’re working in a public place such as a café, you carry the risk of sharing confidential information to a passerby. The vast majority of people wouldn’t take advantage of the situation to compromise or cause damage to your company, but it’s inevitable that some would.
Just becomes most people aren’t thieves doesn’t mean we don’t lock our doors.
When working in a public space, being wary of your surroundings, and conscious of both physical and digital documents you leave lying around is critical. You must always keep an eye out for potential avenues of compromise, and the responsibilities you have for confidentiality.
Summary
Employees working remotely increase cybersecurity risks for your company — a challenge which must be addressed. The balance can be hard to get right: confidentiality and integrity of your company’s data is critical, but employees need to access it to work. Securing devices and networks is the top priority, and it takes time to get it right.
In 2026, social engineering, phishing and other digital attacks are on the rise, especially with the assistance of AI to find more vulnerabilities and create more realistic scenarios. Any security measures you would put in place for office staff should be hardened for remote employees to combat the increase in unpredictability of security.