Remote Work's Open Doors: The New Security Crisis

HOME
News & Blog
Remote Work’s Open Doors: The New Security Crisis

“Can you hear me?” has been turned into the standard form of our time. But nowadays the question that CIOs and CISOs must pose themselves is, “Who’s listening—who shouldn’t be?” Remote, along with hybrid working, has redefined the boundaries of confidentiality.

The problem? Open doors are any Zoom or Teams meeting, any unvetted vendor account, and any unsecured device. The real question isn’t IF— it’s WHEN and how many entry points are still exposed.

The challenge: A security perimeter that no longer exists.

Earlier, the industry security stronghold was the corporate firewall. In the hybrid work era, those traditional perimeter firewalls no longer shield your digital boundaries. The new perimeter will be personal devices, home Wi-Fi networks, co-working spaces, and SaaS systems, including third-party vendors, who have access to this luxury. This increased attack surface has been revealed by recent breaches.

Royal Mail Group (2025)

The personal files of Royal Mail’s group and video conferences were leaked because the third-party vendor was compromised, showing that the collaboration platforms can be high-value targets themselves.

Zoombombing (2024–25)

During disrupted state board meetings aired in Indiana and in schools, the access control (no passcodes, duplicated personal meeting IDs) was weak, providing an opportunity for attackers to gain control of the meetings.

The severity of these disruptions had gone to the extent that Michigan had criminalised Zoombombing as a felony.

Marks & spencer (2025) & Ticketmaster (2024)

The two violations were a result of hacked third-party accounts without MFA. First is that M&S suffered massive payment delays and a loss of £570M in market value and the second one is that 560M customer records were leaked due to compromised vendor credentials.

It is quite simple, if your vendors’ weak MFA policies, your security remains as low as its vendors.

Insider threats: Coinbase, SAS, and AT&T

Coinbase (2025): Personal customer information was compromised by bribing support staff.
UK SAS (2025): 10 years ago, the names of the staff were unintentionally leaked due to poor governance—as testimony that management is worse than bad intent.
AT&T (2024): AT&T cloud provider Snowflake has resulted in millions of records being compromised because of its weaknesses.

Zoom CVE-2025-49457

Zoom patched the critical DLL bug with a CVSS severity of 9.6, which could possibly be used in an attempt to breach the whole system.

The takeaway? Even trusted sites must be updated regularly—they should be patched— pervasiveness is the enemy of security.

The insight: Why these breaches keep happening

The incidents that have occurred above are not solitary—they signify that remote working systems are at security risk. Five key insights show why remote work security is so futile:

The perimeter has dissolved: Your security fabric considers all devices, meetings and vendors.
The new battleground is identity: There was a shared lack of MFA and bad credential hygiene in Ticketmaster, M&S, et cetera.
Man still is the weakest element: Someone will open doors—or leave them open—from bribed insiders (Coinbase) to careless publishing (SAS).
Your new perimeter is the vendors: The experience of AT&T and Royal Mail shows that without verification in your supply chain, you are on an open invitation to attackers.
The tools that you depend on should be observed: The Zoom CVE demonstrated that collaboration tools may turn into a liability unless they are patched in time.

The overarching truth? The business risk of remote work is not only an IT risk but also a business risk since it has not been re-engineered to ensure security.

The solution: A layered approach to remote work security

The open doors have to be closed with people, process and technology strategy. The following is the structure that we use at Intwo, which is driven by the security ecosystem published by Microsoft.

People: Training and awareness

Ongoing training: Phishing practices, social engineering, and governance guidelines.
Clarity of policies: The employees should understand what tools are allowed- and which are not.
Insider threat management: Perform post-termination audits and make access expire to avoid remaining vulnerabilities.

Process: Governance and compliance

Vendor risk management: Have MFA on all vendor accounts; have SLAs with security obligations.
Remote access controls: Require VPNs, conditional access and least privilege controls of sensitive systems.
Review and compliance audit: Prevent SAS-like data leakages by ensuring that the data is governed before being published.
Regulatory alignment: GDPR, HIPAA, and other regulations require powerful measures of remote work data.

Technology: Modern security controls

MFA everywhere: The Non-negotiable. Both Ticketmaster and M&S breaches were caused by the lack of MFA.
Zero Trust architecture: The new perimeter is Identity. Check explicitly, least privilege and assume breach.
Patch management: Patch collaboration platforms regularly to prevent vulnerabilities such as the Zoom CVE-2025-49457.
Secure collaboration:
- Microsoft Teams: Default encrypted (TLS, SRTP), default MFA/SSO through Entra ID and advanced governance with Microsoft Purview.
- Zoom: Use passcodes, waiting rooms, and disable personal meeting IDs for sensitive calls. Enable E2EE for critical sessions.
- Data protection: Passcodes, waiting rooms, and turn off PMI on sensitive calls. Turn on E2EE when it is necessary.
- Threat detection & monitoring: Continuous alerts of the unusual patterns of the login, the impossible travel, or unauthorized sharing.

Proof: Preventable breaches

The same is the story of every big incident:

Ticketmaster: MFA could have prevented the vendor compromise.
Marks and Spencer: Supplier risk management would have been less exposed.
Coinbase: Bribed access would have been avoided by Coinbase’s insider threat monitoring.
SAS: Content review policies would have prevented leaks of information.
Zoom CVE: Systemic compromise is prevented by timely patching.

How Intwo secures remote workplaces with Microsoft

At Intwo, we assist the CIOs and CISOs to transform the messiness of remote collaboration into secure collaboration. Our model involves advice, implementation, and services:

Modern Workplace Security: Azure Virtual Desktop, Entra ID, and Build on Microsoft Teams provide the ability to collaborate securely and seamlessly.
Security Concierge / Monitoring: Threat detection 24/7, vulnerability scanning, as well as rapid incident response to keep breaches at bay.
IT Security Services: Governance, policy development, training and compliance alignment (GDPR, HIPAA, industry-specific standards).
Zero Trust by Design: Identity-first, least privilege, and assumption of breach–made for your entire remote ecosystem.

Partnering with Intwo and Microsoft you get secure collaboration, continuous monitoring and zero trust defence by sealing the potential entry points against attackers.

Conclusion: Remote work security is a strategic advantage

Remote work is here to stay, but so are the risks. The difference between being tomorrow’s breach headline and being a trusted brand lies in how fast and how firmly you act.

The challenge is real. The insight is clear. The solution is available.

Don’t wait until your next Zoom or Teams call becomes a liability. Partner with Intwo to secure your remote workplace today.

Managed Azure Cloud

Dynamics Services

Data, Analytics & AI

Modern Workplace

Cybersecurity & Compliance

Business Applications

Microsoft Azure

Logistics and Distribution

Manufacturing

Real Estate

Retail

Professional Services

About Intwo

Security and Compliance

Partnerships

BLOG