getty

Remote and hybrid work have opened the door to greater flexibility, stronger talent pipelines and better work-life balance. But as teams spread out, so too does the security perimeter that must be protected. Home networks, personal devices and an ever-expanding mix of apps can introduce gaps that many organizations don’t immediately see.

All of these risks are manageable, but only when companies understand how distributed work changes everyday exposure and give employees the tools and habits to close security gaps before they become incidents. Below, members of Forbes Technology Council discuss critical ways remote work can increase cybersecurity risk, along with practical ways to strengthen security across a distributed workforce.

Unvetted Collaboration Tools

One of the biggest cybersecurity risks in remote and hybrid work is inconsistent use of collaboration tools, which can fragment infrastructure and create weak points. As employees turn to unvetted apps or devices, shadow systems emerge. Standardizing secure, encrypted platforms with centralized oversight protects sensitive data, mitigates risk and simplifies compliance. – Oliver Van Camp, Barco

Inconsistent Access Paths

Remote work increases risk by multiplying inconsistent access paths, which often leads to unused and/or unchecked policies, which in turn lead to gaps that attackers can exploit. The most effective fix is centralizing policy governance so that every access change is validated and enforced consistently, regardless of where users connect. – Jody Brazil, FireMon

Vulnerable Home Networks And Personal Devices

The shift to remote work exposes organizational data to vulnerable home networks and personal devices, increasing vulnerability to direct cyberattacks due to the lack of corporate-grade security. Mitigating this requires robust endpoint security measures—such as enforced encryption, multifactor authentication and VPNs—to ensure all remote access adheres to corporate security protocols. – Nikhil Jathar, AvanSaber Technologies

Unsecured Apps And Networks

Remote work blurs the line between personal and professional devices. I’ve seen teams use unsecured networks or apps without realizing the exposure. One effective fix is enforcing zero-trust policies—every user and device gets verified, always. It’s not just policy; it’s culture, and it has to be built into onboarding from day one. – Ashish Srimal, Ratio

Poorly Enforced Security Requirements

Remote development isn’t the risk—it’s the SDLC chaos that emerges when security requirements, approvals and governance steps aren’t consistently enforced. Silos create that drift, but remote work doesn’t have to mean siloed work. Orchestrating AppSec across those controls puts the perimeter around the workflow, not the office—letting companies get the benefits of remote work without the fear. – Brittany Greenfield, Wabbi

LLM adoption across business teams is creating a critical visibility gap. By 2026, exponentially more companies will use chatbots and agents to support staff. This leaves security teams with almost no observability, especially when using browser-based tools. Security teams must urgently focus on shadow AI discovery, control and response to remain vigilant. – Cody Pierce, Neon Cyber Inc.

Identity Fragmentation Across Systems

Remote work hasn’t just expanded the perimeter—it’s erased it. Every login is now a potential breach point. The greatest risk lies in identity fragmentation across devices and clouds. The solution: Move beyond firewalls to adaptive, AI-driven zero trust, where identity becomes the new perimeter—verified continuously, contextually and intelligently. – Dr. Sanjay Kumar, City of New Orleans

Increased Social Engineering Attacks

Remote work can heighten the risk of social engineering and phishing attempts due to increased reliance on digital communication. Regular security awareness training and simulated phishing exercises can help create a culture of vigilance and greatly reduce the risk of breaches. – Navneet Tyagi, Finance of America

Single Points Of Security Failure

Keep your security layers diverse across a range of technologies. A locked-down local environment is simple to secure, but remote and hybrid work require expanding and virtualizing that environment. There is also an added layer of regional risk, so you need to diversify the tools and access capabilities your remote team uses to ensure there is no single point of failure. – WaiJe Coler, InfoTracer

Delayed Security Patch Updates

One risk is critical security patches sitting uninstalled for weeks because employees keep postponing reboots. At home, there’s no IT leader walking by to enforce updates. Remote machines become time bombs. Fix this with intelligent patch automation—update during predicted downtime, save all work states, and make it painless. But also, build resilience—assume some machines are always vulnerable. Segment ruthlessly. – Marc Fischer, Dogtown Media LLC

Insider Threats Caused By Remote Hiring

There is a surge in insider threats stemming from remote hiring, where AI is used all the way down to video deepfakes in interviews. Threat actors thus access company networks and attempt cyberattacks. Tech tools for identity verification help, but the main way to reduce this risk is to train employees to recognize signs of AI in imagery, speech and other suspicious behavior when hiring remotely. – Julius Černiauskas, Oxylabs

‘Trust Decay’ And Hidden Data Exposure

Remote work magnifies risk through “trust decay”—employees blending personal and professional identities across browsers and devices. Session reuse, auto-fills and personal cloud backups create invisible data trails. Mitigation starts with secure identity isolation: Enforce separate digital personas, containerized browsers and cloud identity vaults to rebuild trust per session. – Jagadish Gokavarapu, Wissen Infotech

Proliferation Of Shadow IT

Shadow IT proliferation is a risk—personal Notion accounts, ChatGPT accounts and unauthorized apps that users implement by themselves and load sensitive corporate data into. Companies will lose control, and the attack surface will increase unless stronger security policies and systems are put into place. – Sabrin Freedman-Alexander, Cloudvoid

Employee Distraction

As remote work expands the digital frontier, security must evolve from walls to wisdom. The real risk isn’t distance; it’s distraction. A single careless click can open an enterprise. The answer is a zero-trust culture that verifies every connection and awakens every employee to vigilance. Awareness is the new perimeter; clarity, the proper defense. – Dileep Rai, Hachette Book Group

Personalized Phishing Attacks

Remote work makes phishing painfully personal; attackers mimic HR updates, benefits announcements or stipend notifications and use chat, screen sharing and file sharing to increase quiet data leaks. Reduce this risk with ongoing, scenario-based phishing drills, just-in-time training, one-click “report” buttons, and DLP tools integrated with collaboration platforms that support least-privilege access, along with clear “Are you sure?” prompts. – Harikrishnan Muthukrishnan, Florida Blue

Improper Data Handling And Storage

A significant risk is improper data handling and storage on unsecured local drives when employees download sensitive data. The solution is strictly enforcing zero-trust architecture, minimizing access, and encrypting all data in transit and at rest. Access should be granted on a need-to-know basis, especially for remote teams handling inventory data. – Uttam Kumar, American Eagle Outfitters

Greater Risk Of Critical Data Exposure

Remote work always brings risk: If a laptop is out in the wild, your data is out in the wild. VPNs, encryption and EDR help, but they can’t police every kitchen, café or coworking space. One quick photo of an open screen, and critical data is gone. Technology can reduce exposure, but when leaders build genuine human connection, employees become the iron chest that protects both the data and the enterprise. Loyalty and human intelligence become the real perimeter. – Monishankar Hazra, Optum India

Stolen Sessions On Unmanaged Devices

Remote work’s real risk isn’t home Wi-Fi; it’s stolen, valid sessions from unmanaged devices. Malware lifts cookies and OAuth tokens, and those logins look normal. Stop assuming SSO means safe—treat the browser as a high-risk endpoint. Bind tokens to hardware/device posture, keep sessions short, require phishing-resistant MFA, block personal browsers from storing sessions, and auto-kill on anomaly detection. – Volkan Ertürk, Picus Security

Limited Protection For Personal Accounts

Remote work blurs corporate and personal identities, but traditional defenses only protect corporate accounts, creating blind spots attackers exploit via infostealers, stolen session cookies and compromised credentials. To reduce risk, organizations must take a holistic view of user identity, always monitoring for exposures across all digital touchpoints and remediating them before exploitation. – Damon Fleury, SpyCloud

Human Error And Device Exposure

The weakest link is no longer the firewall—it’s the person. Every home network and every personal device becomes a potential doorway. The only real defense is culture: Build security awareness into how people think, not just how systems are configured. Empower the human firewall. – Oleg Sadikov, DeviQA