Notifications
Clear all
Topic starter
12/06/2026 10:05 pm
TL;DR: Credential misuse, phishing, device mixing, and weak training are driving home office risk more than location, with login credential abuse still behind 80% of breaches and phishing rising by nearly a third during the pandemic, according to Axiad. The lesson is that identity controls, not perimeter assumptions, determine whether remote work stays manageable.
NHIMG editorial — based on content published by Axiad: 5 tips to take control of your home cybersecurity
By the numbers:
- More than 50% of workers have been using their personal laptops for work since the pandemic.
- Over 40% of companies have not provided any training focused on remote work.
Questions worth separating out
Q: How should security teams handle remote work without weakening identity controls?
A: Treat remote work as an identity governance problem first.
Q: Why do personal devices create more risk for work access?
A: Personal devices weaken enterprise trust because they carry unknown applications, inconsistent patching, and less controllable security settings.
Q: How do phishing attacks become more effective in remote environments?
A: Phishing works better when users cannot quickly verify a request in person.
Practitioner guidance
- Enforce managed-device access for work systems Restrict sensitive access to company-issued endpoints where security tooling, patching, and application controls are under enterprise management.
- Strengthen credential hygiene workflows Require unique passwords where passwords still exist, add multi-factor authentication, and make expiry and replacement dates visible to users.
- Use out-of-band phishing verification Tell users to confirm suspicious requests through a separate channel before sharing data or approving an action.
What's in the full article
Axiad's full blog post covers the practical employee guidance this post intentionally leaves for the source:
- Step-by-step advice for keeping work and personal devices separated during remote work
- User-facing examples of suspicious email patterns and how employees should validate them
- Practical guidance on credential storage, expiry reminders, and recovery habits for remote staff
- Training and policy enforcement suggestions for IT teams supporting home office users
👉 Read Axiad's remote work security tips for identity and credential hygiene →
Remote work identity risk: what home office teams miss?
Explore further
13/06/2026 12:36 am
Remote work turned identity into the primary security perimeter. The article correctly shows that home office security depends on how well organisations control credentials, device trust, and user verification outside the office. Once the workplace becomes distributed, the old assumption that physical proximity supports security no longer holds. The implication is that IAM and endpoint policy must be treated as the control plane for remote work, not as supporting functions.
A few things that frame the scale:
- Strong remote-work hygiene matters because 91.6% of secrets remain valid five days after notification, according to the Ultimate Guide to NHIs.
- Our research also shows that 97% of NHIs carry excessive privileges, which turns everyday credential exposure into broad access risk.
A question worth separating out:
Q: Who is accountable for credential misuse in a remote work model?
A: Accountability is shared, but the organisation owns the control environment. Security teams must provide strong authentication, device policy, and training, while employees must protect their credentials and follow verification steps. Remote work fails when either side assumes the other has already closed the gap.
👉 Read our full editorial: Home office security exposes identity risk in remote work
