Notifications
Clear all
Topic starter
08/06/2026 3:59 pm
TL;DR: Credential misuse drives 80% of security breaches, while more than 40% of companies had not provided remote-work training and 32% of employees had received none in six months, according to Axiad. The identity lesson is that distributed work turns everyday user behaviour, device choice, and credential handling into governance controls, not just awareness issues.
NHIMG editorial — based on content published by Axiad: 5 Tips to Take Control of Your Home Cybersecurity
By the numbers:
- More than 50% of workers have been using their personal laptops for work since the pandemic.
- Over 40% of companies have not provided any training focused on remote work.
Questions worth separating out
Q: How should security teams reduce remote-work identity risk for employees using home offices?
A: Security teams should combine managed-device requirements, phishing-resistant verification routines, and clear credential lifecycle processes.
Q: Why do personal laptops create more identity risk than company-issued devices?
A: Personal laptops are harder to standardise, monitor, and secure consistently.
Q: What do organisations get wrong about phishing in remote work?
A: They treat phishing as an email problem instead of an identity verification problem.
Practitioner guidance
- Require managed devices for sensitive workflows Restrict access to applications handling sensitive data when users connect from personal laptops or untrusted endpoints.
- Operationalise screen-lock and clean-desk behaviour Treat screen locking, protected backgrounds, and screen-sharing discipline as enforceable remote-work controls.
- Strengthen sender verification routines Make digital-signature checks, out-of-band confirmation, and phishing reporting part of the standard response to urgent requests.
What's in the full article
Axiad's full blog post covers the practical remote-work advice this post intentionally leaves at the governance level:
- Step-by-step employee habits for locking devices and protecting screen content during video calls
- Guidance on using company-issued devices instead of personal laptops and phones for work access
- Email verification examples, including digitally signed mail and out-of-band confirmation
- Credential handling reminders for passwords, tokens, and expiration tracking
👉 Read Axiad's security bulletin on five remote-work cybersecurity tips →
Remote work security habits: what IAM teams still miss?
Explore further
08/06/2026 5:21 pm
Remote work has turned human behaviour into an access control dependency. The article shows that locking screens, separating devices, and verifying email senders are not hygiene tips in isolation. They are controls that compensate for the loss of direct supervision and trusted office context. In other words, the remote-work model makes identity security depend on behaviour that traditional IAM programmes often treat as external to the control plane. Practitioners should treat the home office as a governed access environment, not an informal exception.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
A question worth separating out:
Q: How can organisations keep credentials from becoming a remote-work weak point?
A: They need a clear credential lifecycle that covers issuance, storage, expiry, and recovery. Employees should know which credentials they have, when they expire, and how to replace them safely. Centralised management reduces the chance of lost tokens, reused passwords, and weak recovery behaviour.
👉 Read our full editorial: Remote worker identity risk is still driven by human habits
