Remote Work Security Assessment

Kroll’s remote work security assessment identifies vulnerabilities of work-from-home employees and networks, and provides guidance on minimizing the risks posed by a decentralized network often complicated by personal devices and unstructured environments

Contact Cyber Experts

Thousands of employers and millions of employees made a nearly overnight transition to a remote workforce earlier this year. Now, with companies seeing benefits that include greater efficiency, cost savings and better work life balance, many are maintaining remote work for the foreseeable future. A recent study found that 55% of executives expect their organizations will offer remote work opportunities after COVID-19 is no longer a threat.

Any time you make a major change to your infrastructure like the shift to remote work, where large numbers of employee PCs and devices are no longer behind the office firewall, the attack surface for cybercriminals expands and the potential for risk increases. Kroll has helped several organizations recover from attacks that originated from the exploitation of security vulnerabilities in remote work applications like VPNs.

A recent survey by Leonne International found that 33% of UK businesses say they lack the technology infrastructure to manage security issues with working remotely during the COVID-19 crisis. Yet data confidentiality and physical security are essential, particularly if remote employees work with patents, medical records, loans or any type of sensitive data.

Proactive Measures to Reduce Work-From-Home Risks

Management must actively evaluate physical and cyber security for sensitive data that remote workers access to ensure data remains protected. Remote work cyber security challenges and working from home concerns include the use of:

  • Poorly configured VPNs
  • Bring your own devices (BYOD) policies that allow devices to operate outside of corporate IT
  • Corporate devices shared with children or other relatives, increasing susceptibility to malware
  • File sharing products like Dropbox to store sensitive documents that can be difficult to monitor
  • Printed hard copies of sensitive documents that can be viewed inadvertently 
  • Shadow IT systems that are invisible to corporate IT

Once your organization pinpoints potential vulnerabilities, you must adapt your security controls to new remote work configurations and sufficiently harden your systems against network-based attacks to reduce risk.

Kroll’s Remote Work Security Assessment Ensures Remote Devices and Data are Protected

Kroll’s remote work security assessment evaluates your organization’s cyber and physical document security. We methodically review your existing and new policies for securing a remote workforce as well as interview your IT, information security and typical remote workers to identify where your defenses are strong and where vulnerabilities exist that bad actors can exploit. At the end of our assessment, we provide you with a prioritized, customized set of security tips for working from home and an executive summary for management to help your organization address security deficiencies in your remote workers’ physical and cyber security systems. 

Based on frontline experience dealing with over 3,000 cyber incidents every year, our seasoned experts look at nine key vectors of remote work vulnerabilities related to people, process and technology:


Employee Training and Remote Working Security Policies

How well is your organization educating workers about security best practices and the risks of social engineering attacks (such as phishing, SMS-based attacks and others)?


BYOD Policies
How securely are employees storing data and emails on BYOD devices, such as personal laptops and smartphones? What process do you use to set them up on their device? What security controls do you offer and implement? What monitoring do you provide? What is the process for recovering company data after a worker is terminated?

Physical Document Security Policies
Many data privacy regulations apply whether a document is online or printed. What polices do you have around documents stored at home? Do you require workers to have locking file cabinets? What are your document retention policies? Are employees given a shredder? 

Email Security
How do you allow employees to access email? Can they retrieve it by phone, laptop, web-based or client-based apps? What filtering options are used? What data can be sent via email? How are emails secured at rest and in transit? Are employees able to send company information to their personal email? Can they use personal email for company communications?


Are remote workers’ instant messaging, VOIP and telephony securely configured? Are communications encrypted?

Connection to the Corporate Network
Do employees connect to the corporate network via VPN? Do they access corporate resources through a home network? If so, is the router up to date or patched? What devices are part of that network (iPads, phones, IoT devices)? How are these devices managed?   

SaaS Applications
If corporate data is stored with cloud-based applications, how do you authenticate users? Do you follow password best practices? Do you use multifactor authentication to restrict access? 

Corporate Devices
Are the corporate PCs and laptops that workers use remotely configured properly for a hostile network environment? Are they appropriately hardened? 

Video Conferencing
What solutions or systems are employees using? Do they follow best practices for meetings, recordings and retention?

A Comprehensive Range of Services

Kroll offers a wide range of additional specialized testing capabilities that complement our remote work security assessment. These include :

  • Vulnerability management
  • Penetration testing for your internet facing infrastructures, including phishing testing
  • Endpoint hardening assessments

Keep Your Remote Workforce and Network Secure

In our experience, maintaining effective cyber security for your remote workforce starts with a thorough evaluation of your existing strengths and vulnerabilities. With a comprehensive understanding of your remote work security position, your organization can more effectively adapt your controls to reduce the potential for exposure caused by remote workforces. Kroll is ready to help, 24/7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber incident hotlines or our contact page.

Related Team

Connect with us

Gregory Michaels
Greg Michaels
Global Head of Governance and Strategy
Cyber Risk
Jeff Macko is a Director
Jeff Macko
Associate Managing Director
Cyber Risk

See all servicesStay Ahead with Kroll


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

M&A advisory, restructuring and insolvency, debt advisory, strategic alternatives, transaction diligence and independent financial opinions.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation, disputes and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.


Q4 2021 Threat Landscape: Software Exploits Abound

Feb 16, 2022

by Keith WojcieszekLaurie Iacono George Glass


10 Essential Cyber Security Controls for Increased Resilience (and Better Cyber Insurance Coverage)

Nov 03, 2021

by Devon AckermanJeff Macko

Cyber Risk

10 Fundamental Work From Home Cyber Security Tips

May 08, 2020

by Greg Michaels

Cyber Risk

Low Tech Fundamentals For Successful Work-From-Home Environments

Apr 07, 2020

by Alan Brill

Press Release

Kroll Recognized in 2023 Gartner Market Guide for Digital Forensics and Incident Response Retainer Services

May 19, 2023

Press Release

Kroll Responder Recognized in 2023 Gartner Market Guide for Managed Detection and Response Services for the Third Consecutive Year

Mar 23, 2023


Kroll Launches Cyber Partner Program Delivering Lifetime Returns

Feb 28, 2023


Kroll Named an MDR “Champion” by Bloor Research

Feb 27, 2023

Digital Forensics and Incident Response

Kroll at Infosecurity Europe 2023

In-Person In-Person Jun 20 - Jun 22, 2023 | in-person

Digital Forensics and Incident Response

KAPE Intensive Training and Certification

Online Event Online Event Apr 13 - Dec 07, 2023 | Online Event

Return to top