Over 64% of UK SMEs now have hybrid or fully remote teams. And while flexible work boosts productivity, it also broadens your attack surface - every home network, personal laptop, or mobile phone accessing your systems introduces new risk.
In this final Cyber Security Awareness Month blog, we're covering how to secure remote, hybrid, and Bring Your Own Device (BYOD) setups, so your business stays protected - no matter where your team logs in from.
Cyber criminals love remote workers. Why?
Because home setups often lack the layers of protection you'd find in the office:
And then there's the biggest vulnerability: human error on an unmonitored device.
"We've had cases where staff were unknowingly sharing sensitive data over public Wi-Fi, or using outdated antivirus on their home machines. They weren't reckless - they just didn't realise the risks. That's where we step in."
A 20-person marketing agency in Manchester suffered a breach when a freelancer's laptop - with poor antivirus and a pirated PDF reader - was used to access the team's shared drive. The device was infected with a keylogger, which silently harvested login credentials for multiple platforms. It took days before unusual activity was spotted - by then, two client Dropbox folders had been compromised.
The cost? Client trust, incident response bills, and weeks of cleanup.
Here's what we see most often with remote and hybrid clients:
Many home routers still use the factory password or something guessable.
✅ Fix it: Staff should change router logins, use WPA3 if available, and update firmware regularly.
A partner using the same laptop for streaming or downloads is a hidden risk.
✅ Fix it: Use company-issued devices or enable profiles with restricted access.
Phones accessing company email without encryption or passcode? That's a risk.
✅ Fix it: Use Microsoft Intune or another MDM tool to remotely wipe lost or compromised files.
Remote workers using open Wi-Fi without encryption put data in transit at risk.
✅ Fix it: Provide a Business VPN to all staff - it encrypts traffic and keeps prying eyes out.
Without enforced policies, home machines often skip critical security updates.
✅ Fix it: Centralised patch management or cloud-based endpoint protection can enforce updates remotely.
Outline what's allowed, what's not, and who's responsible for device maintenance.
Ensure MFA is required for Microsoft 365, CRM, and any cloud platform accessed remotely.
Even just for key roles - company-managed devices with endpoint protection are 10x easier to monitor.
Encrypt traffic between remote workers and your systems, especially if staff work from cafes, shared spaces or travel frequently.
Use MDM to secure mobile phones and tablets that access business apps or email.
Review login logs, locations, and devices regularly to spot unusual behaviour.
"A good remote setup is invisible to the employee - but tight in the background. They get the freedom to work from anywhere. You get the peace of mind that every endpoint is protected."
Whether you've got one remote staff member or fifty, let's lock down your hybrid setup - without slowing your business down.
Working from anywhere is here to stay - but so are the threats that come with it.
Now is the time to:
With Apex, securing your hybrid workforce is one less thing to worry about.
Thanks for following our Cyber Security Awareness Month series. Stay secure, stay smart - and if you need us, we're right here in Manchester.
Let's secure the future of flexible work - together.