The rush to enable remote work happened years ago. Organisations stood up VPN concentrators, deployed cloud collaboration tools, and shipped laptops to employees’ homes. The emergency is long over, but many of the hasty security decisions made during that period remain in place, unchanged and unreviewed.
Temporary solutions became permanent infrastructure. VPN split tunnelling configured to reduce bandwidth pressure still routes corporate traffic differently from personal browsing. Remote desktop gateways deployed as a quick fix still expose management interfaces to the internet. Security exceptions granted during the transition never got revoked.
The Expanded Attack Surface
Remote work stretched the traditional network perimeter beyond recognition. Corporate data now lives on home networks, personal devices, and cloud storage accounts that IT teams cannot fully monitor or control. Employees connect through residential broadband routers with default credentials and outdated firmware.
VPN concentrators became prime targets. Attackers exploited critical vulnerabilities in popular VPN appliances from Fortinet, Pulse Secure, and Citrix to breach hundreds of organisations. Many of these appliances remain vulnerable because patching requires downtime that disrupts remote access for the entire workforce.
William Fieldhouse, Director of Aardwolf Security Ltd, comments: “The shift to remote work created a class of infrastructure that organisations rushed to deploy but never properly hardened. VPN gateways and remote access solutions sit on the internet handling authentication for the entire company. They demand the same security attention as any other internet-facing system, yet they frequently go months between patches because nobody wants to disrupt remote access.”

Assessing the Damage
Start by auditing every remote access pathway. Map your VPN gateways, remote desktop services, cloud access brokers, and any other entry points that remote workers use. Run vulnerability scanning services against each one to identify missing patches and insecure configurations.
Follow up with internal network penetration testing that simulates what an attacker could achieve after compromising a remote worker’s VPN connection. This scenario reflects the most common real-world attack path: gain VPN credentials through phishing, connect to the corporate network, and move laterally towards high-value targets.
Tightening Remote Access
Replace traditional VPN with zero trust network access (ZTNA) where feasible. ZTNA grants access to specific applications rather than entire network segments, limiting lateral movement. Where full VPN replacement is not practical, enforce strict network segmentation so that VPN users can only reach the resources they need.
The problem extends beyond technical infrastructure. Remote workers handle sensitive documents in home environments where family members, visitors, and video calls create accidental exposure risks that office environments were designed to prevent. Screen privacy filters and clean desk policies mean nothing when someone works from their kitchen table.
Monitor VPN connection logs for anomalies. Simultaneous connections from different geographic locations, connections at unusual hours, or sustained high-bandwidth transfers all warrant investigation and might indicate compromised credentials being used by an attacker rather than a legitimate employee.
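The three checks described above can be expressed as simple rules over VPN session records. The following is an added example, not code from this article or any vendor: the record layout (user, start, end, country, bytes sent), the thresholds, and the sample sessions are all constructed assumptions to adapt to your own gateway's logs.

```python
import csv
import io
from datetime import datetime
from itertools import combinations

# Constructed sample sessions: user,start,end,country,bytes_out (not real log data).
SAMPLE = """\
alice,2024-03-04T09:02:00,2024-03-04T17:10:00,GB,310000000
alice,2024-03-04T11:30:00,2024-03-04T12:15:00,BR,42000000
bob,2024-03-05T02:14:00,2024-03-05T04:44:00,GB,27000000000
carol,2024-03-05T08:55:00,2024-03-05T16:40:00,GB,520000000
"""

WORK_HOURS = range(7, 20)        # assumed normal login window (07:00-19:59)
MAX_BYTES_PER_SEC = 1_000_000    # assumed sustained-transfer threshold
MIN_SUSTAINED_SECS = 1800        # ignore short bursts under 30 minutes

def parse(text):
    """Turn CSV session lines into dicts with typed fields."""
    rows = (r for r in csv.reader(io.StringIO(text)) if r)
    return [dict(user=u, start=datetime.fromisoformat(s),
                 end=datetime.fromisoformat(e), country=c, bytes_out=int(b))
            for u, s, e, c, b in rows]

def find_anomalies(sessions):
    """Return sorted (user, rule) pairs for sessions that warrant investigation."""
    alerts = set()
    for s in sessions:
        secs = (s["end"] - s["start"]).total_seconds()
        if s["start"].hour not in WORK_HOURS:
            alerts.add((s["user"], "unusual_hours"))
        if secs >= MIN_SUSTAINED_SECS and s["bytes_out"] / secs > MAX_BYTES_PER_SEC:
            alerts.add((s["user"], "sustained_high_bandwidth"))
    # Same user, overlapping time windows, different source countries.
    for a, b in combinations(sessions, 2):
        overlap = a["start"] < b["end"] and b["start"] < a["end"]
        if a["user"] == b["user"] and overlap and a["country"] != b["country"]:
            alerts.add((a["user"], "concurrent_geo_mismatch"))
    return sorted(alerts)

if __name__ == "__main__":
    for user, rule in find_anomalies(parse(SAMPLE)):
        print(f"{user}: {rule}")
```

Each hit is a prompt for investigation, not proof of compromise: travel, shift work and legitimate backups all trigger these rules, so tune the thresholds against your own baseline.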
Remote work is permanent. Treat your remote access infrastructure with the same rigour you apply to any internet-facing system. Patch promptly, test regularly, and review access controls quarterly.