The Remote Work Threat Landscape
When the pandemic forced millions of workers out of the office in 2020, IT departments scrambled to keep people productive. Security was frequently the afterthought. Several years later, the hybrid and fully remote workforce is the new normal — and the attack surface it created has been enthusiastically exploited by threat actors who had years to hone their techniques while defenders caught up.
The statistics are sobering. Breach reports from Verizon and IBM consistently rank stolen or compromised credentials among the most common initial attack vectors. Remote workers who reuse passwords across personal and work accounts, who click phishing links on devices that lack enterprise endpoint protection, and who connect over unsecured home networks are handing attackers a ready-made entry vector. Phishing volume was reported to have surged more than 600% during the initial remote work adoption wave, and attack volumes have not meaningfully declined since.
The home router is now a critical piece of business infrastructure — and it is almost universally under-protected. Consumer-grade routers ship with default admin credentials that are rarely changed. Firmware updates that patch known vulnerabilities sit uninstalled for months or years. The same router that hosts your employee's work laptop also hosts their children's gaming consoles, smart TVs, IoT sensors, and guest devices. Enterprise network controls — intrusion detection, VLAN segmentation, application-layer firewalling — do not exist in this environment.
The deeper problem is architectural. The traditional security model assumed a hard perimeter: your office network was inside the firewall, the internet was outside, and a clearly defined boundary separated trusted from untrusted. That model is gone. When your users are in seven different home offices, three coffee shops, and an airport lounge, there is no perimeter. Every device, every session, every connection must be treated as potentially hostile until verified. This is not an overstatement — it is the operating reality that every Southern California business needs to plan around right now.
7 Non-Negotiable Remote Security Controls
There is no single technology that solves remote work security. What works is layered defense — multiple overlapping controls so that the failure of any one layer does not result in a catastrophic breach. Below are the seven controls that IT Center considers non-negotiable for any business with remote or hybrid workers.
1. Corporate VPN for All Remote Access
Every remote connection to company resources — file servers, line-of-business applications, internal portals, RDP sessions — must flow through a corporate VPN. This encrypts traffic in transit and ensures that remote sessions arrive from a known, managed IP address, so your firewall, conditional access and logging controls can recognize the session and apply policy to it.
There are two architectural approaches. Split-tunnel VPN routes only corporate-bound traffic through the encrypted tunnel and lets general internet traffic leave the device directly, which reduces the bandwidth load on your VPN gateway but leaves that general traffic uninspected by any corporate control. Full-tunnel VPN routes all traffic through the corporate network, allowing your firewall and DNS security controls to inspect everything the remote user does on the internet; the trade-off is that every byte the user sends now transits your gateway, so it must be sized for that. For most SMBs, full-tunnel is the stronger security posture. IT Center deploys and manages client VPN infrastructure as part of our managed IT onboarding — users get a pre-configured client that connects automatically on untrusted networks.
2. Multi-Factor Authentication (MFA) Everywhere
MFA is the single highest-ROI security control available to SMBs. If credentials are stolen — and statistically they will be, at some point — MFA is the lock that prevents those stolen credentials from being immediately useful to an attacker. Every authentication surface must be covered: email, VPN, cloud applications, finance portals, HR systems, admin consoles, and remote access tools.
Not all MFA is equal. SMS-based one-time codes are acceptable and dramatically better than nothing, but they are vulnerable to SIM-swapping attacks. Authenticator apps (Microsoft Authenticator, Google Authenticator) generate time-based codes locally on the device and are not susceptible to SIM-swapping. They are still phishable, though: a code the user types into a convincing look-alike login page can be relayed to the real service within its validity window (adversary-in-the-middle phishing), and push-approval prompts can be worn down by repeated requests. Hardware security keys (FIDO2/WebAuthn compliant devices) bind each authentication to the genuine site's origin, so a relayed login fails; that is what makes them phishing-resistant and the gold standard for administrator accounts and anyone with access to sensitive financial or customer data. IT Center enforces MFA as a baseline requirement on all managed accounts during onboarding.
3. Endpoint Detection and Response (EDR)
Traditional antivirus software operates on signature matching — it knows what previously documented malware looks like and blocks it. Modern threats are polymorphic, fileless, or designed specifically to evade signature detection. Endpoint Detection and Response (EDR) platforms take a fundamentally different approach: they monitor process behavior, memory activity, network connections, and file system changes in real time, looking for suspicious behavioral patterns rather than known signatures.
Every device that touches company data — laptops, desktops, remote workstations — must have an EDR agent installed and actively monitored. IT Center's Managed Detection and Response (MDR) service pairs EDR technology with 24/7 analyst monitoring from our NOC. When an EDR alert fires at 2 AM on a Friday night, our team investigates and responds. The device does not sit unmonitored until Monday morning. EDR deployment and monitoring is included in the IT Center managed IT package from day one of onboarding.
4. Mobile Device Management (MDM)
Company-owned devices must be enrolled in a Mobile Device Management platform. MDM gives your IT team the ability to enforce security policies (screen lock, disk encryption, approved app lists), push software updates, and remotely wipe a device if it is lost, stolen, or compromised. These capabilities are not optional when your employees are carrying corporate data on laptops that go everywhere with them.
Bring Your Own Device (BYOD) is more complex but manageable. Employees who use personal devices for work get a management profile that creates a containerized separation between personal and corporate data (an Android work profile or iOS managed apps, for example). The MDM platform can wipe the corporate container without touching personal photos, messages, or apps. This respects employee privacy while maintaining corporate data control. IT Center handles MDM enrollment and policy configuration as part of our standard onboarding workflow.
5. Secured DNS
DNS is the phonebook of the internet — every time your device connects to a website or service, it first queries a DNS resolver to translate the domain name into an IP address. Secured DNS (also called DNS filtering or protective DNS) intercepts that query and refuses to resolve the name if the destination domain is known to be malicious, associated with phishing or command-and-control infrastructure, or otherwise flagged as a threat.
The key advantage is that malicious domains are blocked before a connection is ever established — before any payload is downloaded, before any credential is entered. This is one of the highest-leverage, lowest-friction security controls available. The one caveat is that the control only applies to queries that actually reach the filtering resolver: a browser configured for its own DNS-over-HTTPS provider, or malware with a hard-coded resolver, bypasses it, so the resolver setting should be enforced through MDM and outbound port 53 to anything else blocked at the firewall. IT Center deploys secured DNS as a standard component of our managed IT onboarding. It is included in the $300/computer user/month package, pre-configured on all managed devices, and requires no ongoing effort from employees.
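What a protective resolver does at the packet level, as an added example that is not code from this page or from any vendor's product: parse the client's DNS question, check the name and every parent domain against a threat list, and either forward the query or synthesize a sinkhole/NXDOMAIN answer so the client never learns the real address. The blocklist entries, the sinkhole address and the function names are constructed for this example.

```python
import struct

# Constructed blocklist standing in for a protective-DNS threat feed (example data only).
BLOCKLIST = {"phish.example", "c2.example.net"}
SINKHOLE_IP = "0.0.0.0"   # address returned for blocked A queries; an assumed policy choice
QTYPE_A = 1


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(packet: bytes, offset: int):
    """Read a label sequence at offset; returns (lowercased name, offset after it)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # Compression pointers never appear in a client's question section.
            raise ValueError("unexpected compression pointer in question")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower(), offset


def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """Build the UDP payload a stub resolver sends: RD=1, one question, IN class."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)


def parse_query(packet: bytes):
    txid, _flags, qdcount, _an, _ns, _ar = struct.unpack(">HHHHHH", packet[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, off = decode_name(packet, 12)
    qtype, _qclass = struct.unpack(">HH", packet[off:off + 4])
    return txid, name, qtype, off + 4


def is_blocked(name: str, blocklist=BLOCKLIST) -> bool:
    """Match the name and each parent domain, so login.phish.example is caught by phish.example."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def filter_query(packet: bytes, blocklist=BLOCKLIST):
    """Return ('allow', None) to forward upstream, or a verdict plus the synthetic response."""
    txid, name, qtype, qend = parse_query(packet)
    if not is_blocked(name, blocklist):
        return "allow", None
    question = packet[12:qend]
    if qtype == QTYPE_A:
        # Sinkhole: a NOERROR answer pointing at a non-routable address, TTL 60.
        header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set; RCODE 0
        rdata = bytes(int(octet) for octet in SINKHOLE_IP.split("."))
        answer = b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_A, 1, 60, len(rdata)) + rdata
        return "sinkhole", header + question + answer
    # Anything else (AAAA, TXT, ...) gets NXDOMAIN so the client gives up immediately.
    header = struct.pack(">HHHHHH", txid, 0x8183, 1, 0, 0, 0)  # RCODE 3
    return "nxdomain", header + question
```

A deployable resolver wraps filter_query in a UDP/53 (or DNS-over-HTTPS) listener and relays "allow" queries to an upstream resolver. Note that the suffix match works on label boundaries, so phish.example.evil is not blocked by the phish.example entry; a substring match would over-block.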
6. Zero Trust and Conditional Access
Zero Trust is a security philosophy, not a product. The core principle: never implicitly trust any user, device, or session, regardless of whether it is coming from inside or outside the corporate network. Every access request is verified based on identity, device health, location, and behavior before access is granted — and that access is granted only to the specific resources needed, not the entire network.
For businesses running Microsoft 365, Conditional Access policies are the practical implementation of Zero Trust principles. These policies can require MFA for all sign-ins, block access from non-compliant devices, restrict logins from unexpected geographies, and require re-authentication when risk signals are detected. IT Center configures and maintains Conditional Access policies as part of Microsoft 365 management. The result is that even if credentials are stolen, an attacker connecting from an unrecognized device in an unexpected location triggers policy enforcement that blocks the session.
7. Security Awareness Training
Technology controls can stop known threats. The human element remains the most reliably exploited attack vector. Business Email Compromise (BEC) attacks — where an attacker impersonates a CEO, CFO, or vendor to trick employees into wire transfers or credential disclosure — caused over $2.9 billion in reported losses in the FBI's 2023 Internet Crime Report. These attacks work not because of technical vulnerabilities, but because employees are not trained to recognize the warning signs.
Effective awareness training is not a one-time annual checkbox. It includes quarterly phishing simulations that test employees with realistic lure emails and immediately train anyone who clicks. It covers BEC recognition, screen-lock habits, public WiFi rules, and password hygiene. The goal is to build a security-conscious culture where employees are your first line of detection — not your most reliable attack surface. IT Center provides phishing simulation and security awareness training as part of our managed security offering.
The Insider Threat Layer
Remote work creates a visibility problem that goes beyond external attackers. When your team was in the office, there was an inherent degree of physical oversight. Remote work removes that entirely. Malicious insiders — employees who steal data before resigning, who exfiltrate customer records, or who are compromised by an external actor and used as a conduit — are more dangerous in a remote environment precisely because the behavioral signals that would expose them are harder to observe.
IT Center deploys Teramind, a user behavior analytics platform from one of our vendor partners, to monitor for anomalous employee activity across managed endpoints. Teramind establishes behavioral baselines for each user — normal working hours, typical data volumes, standard application usage patterns — and alerts when significant deviations occur. Unusual bulk data exports to a personal USB drive. Access to file shares that an employee has never previously touched. Off-hours logins followed by large file downloads. These are early warning signals that something is wrong, either through malicious intent or through a compromised account being used by an external attacker.
It is important to be clear about what Teramind monitoring is and is not. This is not surveillance for surveillance's sake — it is a security control focused on data protection and anomaly detection. Monitoring policies are disclosed to employees as part of onboarding, are scoped to company-owned devices and corporate applications, and are operated by IT Center's security team with appropriate access controls. The goal is early warning that enables rapid response, not a permanent record of every keystroke.
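To show the baseline-and-deviation logic in working form, here is an added example in Python that is not Teramind's code or IT Center's tooling. It profiles each user from a constructed activity log (login hours, file shares touched, daily download volume, USB use) and then scores a day of new events against that profile, correlating an off-hours login with a bulk download that follows it. The log lines, thresholds and rule names are this example's own assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed activity log (not real data). Columns: timestamp,user,action,target,bytes.
# Actions: login, share_access, download, usb_copy. UNC targets identify the file share.
BASELINE_LOG = r"""
2024-03-04T09:02:00,alice,login,WS-ALICE,0
2024-03-04T09:40:00,alice,share_access,\\fs01\sales,0
2024-03-04T09:41:00,alice,download,\\fs01\sales\pipeline.xlsx,2100000
2024-03-05T08:55:00,alice,login,WS-ALICE,0
2024-03-05T11:10:00,alice,download,\\fs01\sales\forecast.xlsx,2600000
2024-03-06T09:10:00,alice,login,WS-ALICE,0
2024-03-06T14:02:00,alice,download,\\fs01\sales\deck.pptx,3100000
2024-03-04T08:05:00,bob,login,WS-BOB,0
2024-03-04T08:30:00,bob,share_access,\\fs01\eng,0
2024-03-04T08:31:00,bob,download,\\fs01\eng\build.log,6000000
2024-03-05T08:12:00,bob,login,WS-BOB,0
2024-03-05T10:00:00,bob,download,\\fs01\eng\spec.pdf,5200000
2024-03-06T07:58:00,bob,login,WS-BOB,0
2024-03-06T16:45:00,bob,download,\\fs01\eng\firmware.bin,7400000
""".strip()

# The day under review: alice behaves as usual, bob does not.
REVIEW_LOG = r"""
2024-03-11T09:04:00,alice,login,WS-ALICE,0
2024-03-11T10:15:00,alice,share_access,\\fs01\sales,0
2024-03-11T10:16:00,alice,download,\\fs01\sales\renewals.xlsx,2400000
2024-03-11T23:41:00,bob,login,WS-BOB,0
2024-03-11T23:45:00,bob,share_access,\\fs01\hr,0
2024-03-11T23:52:00,bob,download,\\fs01\hr\employee-records.zip,420000000
2024-03-12T00:10:00,bob,usb_copy,E:\employee-records.zip,420000000
""".strip()


def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, user, action, target, nbytes = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "target": target, "bytes": int(nbytes)})
    return sorted(events, key=lambda e: e["ts"])


def share_of(target):
    """\\\\fs01\\hr\\file.zip -> \\\\fs01\\hr; workstation or USB targets have no share."""
    parts = target.split("\\")
    if target.startswith("\\\\") and len(parts) >= 4:
        return "\\\\" + "\\".join(parts[2:4])
    return None


def build_baseline(events):
    """Per-user profile: login hours, shares touched, daily download bytes, USB use."""
    profiles = defaultdict(lambda: {"hours": set(), "shares": set(),
                                    "daily": defaultdict(int), "usb": False})
    for e in events:
        p = profiles[e["user"]]
        if e["action"] == "login":
            p["hours"].add(e["ts"].hour)
        elif e["action"] == "download":
            p["daily"][e["ts"].date()] += e["bytes"]
        elif e["action"] == "usb_copy":
            p["usb"] = True
        share = share_of(e["target"])
        if share:
            p["shares"].add(share)
    for p in profiles.values():
        totals = list(p["daily"].values()) or [0]
        # mean + 3 sigma, floored at twice the mean so a very stable baseline does not fire on noise
        p["threshold"] = max(mean(totals) + 3 * pstdev(totals), 2 * mean(totals))
    return dict(profiles)


def detect(profiles, review):
    """Score review events against the profiles; returns (user, rule, timestamp) in event order."""
    alerts, daily, offhours, seen_shares = [], defaultdict(int), {}, set()
    for e in review:
        user, ts, p = e["user"], e["ts"], profiles.get(e["user"])
        if p is None:
            alerts.append((user, "no_baseline", ts))
            continue
        if e["action"] == "login" and p["hours"] and not (
                min(p["hours"]) - 1 <= ts.hour <= max(p["hours"]) + 1):
            alerts.append((user, "off_hours_login", ts))
            offhours[user] = ts
        share = share_of(e["target"])
        if share and share not in p["shares"] and (user, share) not in seen_shares:
            seen_shares.add((user, share))
            alerts.append((user, "new_share_access", ts))
        if e["action"] == "download":
            key = (user, ts.date())
            before, daily[key] = daily[key], daily[key] + e["bytes"]
            if before <= p["threshold"] < daily[key]:  # fire once, when the day's total crosses
                alerts.append((user, "bulk_download", ts))
                if user in offhours and ts - offhours[user] <= timedelta(hours=2):
                    alerts.append((user, "off_hours_login_then_bulk_download", ts))
        if e["action"] == "usb_copy" and (not p["usb"] or e["bytes"] > p["threshold"]):
            alerts.append((user, "usb_export", ts))
    return alerts


def analyze(baseline_text=BASELINE_LOG, review_text=REVIEW_LOG):
    return detect(build_baseline(parse_log(baseline_text)), parse_log(review_text))
```

Run on the constructed logs, analyze() raises nothing for alice and five alerts for bob, the last of which (the USB export after an off-hours bulk download from a share he had never touched) is the sequence an analyst would treat as exfiltration in progress. A production platform adds per-user tuning and suppression; the profile-then-deviate structure is the same.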
Written Remote Work Security Policy
Technology controls are only as effective as the policies that govern their use. Without a written remote work security policy, employees are left to make their own security decisions — and those decisions will not always align with your organization's risk tolerance. A formal policy sets clear expectations and provides the documented authority to enforce compliance.
- VPN Required at All Times: All remote access to company systems, applications, and data requires an active VPN connection. No exceptions.
- Public WiFi Prohibition Without VPN: Employees must not access company resources from public WiFi networks (coffee shops, airports, hotels) without an active VPN. A personal mobile hotspot is preferable to an untrusted public network for sensitive work.
- Approved Devices Only: Company data is accessed only from IT Center-managed, enrolled devices. Personal devices not enrolled in MDM may not access corporate email, files, or applications except through approved web interfaces with MFA.
- Screen Lock When Stepping Away: Devices must lock automatically after no more than 5 minutes of inactivity. Employees must manually lock before walking away from their workstation.
- No Personal Applications on Work Devices: Work laptops are not personal devices. Personal email, personal cloud storage (Dropbox, personal Google Drive), gaming, or social media applications are not permitted on company-issued hardware.
- Incident Reporting: Employees must report suspected phishing, lost devices, or unusual account behavior to the IT Center service desk immediately — not the following business day.
The IT Center Remote Work Security Stack
IT Center's managed IT package is designed specifically for the operational reality of today's distributed workforce. Every control described in this post is included, configured, and actively managed — your team does not need an internal IT department to operate it, and you do not need to purchase, license, and integrate these tools individually.
For Southern California businesses with 5 to 150 employees, this model eliminates the need to hire, train, and retain in-house IT security staff while delivering enterprise-grade protection at a predictable monthly cost. The United States is among the most heavily targeted countries in the world for cyber-attacks. The businesses that get breached are rarely those who were specifically targeted and overwhelmed — they are the ones who made themselves easy targets through preventable gaps. Close the gaps.
Is Your Remote Workforce Actually Secure?
Most businesses think they are protected. Most are wrong. IT Center's free security assessment identifies the specific gaps in your remote work posture — VPN coverage, MFA deployment, endpoint protection, and more — with a prioritized remediation plan at no cost and no obligation.
Get a Free Security Assessment