Summer 2025: Keeping Security When Everyone's Working From Everywhere

Between school holidays, workations, and summer Fridays, your team is about to scatter. Here's how to keep your business secure when nobody's in the office.

Summer is coming. And with it comes the annual dispersal of your workforce.

People working from holiday rentals. Parents working around childcare. Staff taking 'workcations' in places with questionable WiFi. The occasional desperate email from a sun lounger.

All of this is fine, as long as your security travels with them.

The Summer Security Challenges

Unfamiliar networks

Hotel WiFi. Coffee shop networks. Holiday let routers that haven't been updated since 2019. Your staff will connect to all of them.

The good news: most modern work happens over encrypted connections (HTTPS). The network can see that traffic exists, but not the contents.

The risk: man-in-the-middle attacks on unencrypted connections, and the general hygiene of shared networks.

Shared devices

'Can I quickly check my work email on your laptop?' The answer should be no. But it happens.

If work credentials get saved on a family device, that device is now part of your security perimeter.

Distracted users

People on holiday have their guard down. They're not looking for phishing emails - they're looking at the beach. That 'urgent' message is more likely to get clicked without scrutiny.

Reduced IT coverage

If your IT support is one person, what happens when they're on holiday too? Who handles an incident at 2pm on an August Friday?

The Controls That Matter

1. MFA on everything

If an attacker gets a password, MFA stops them using it. This is your single most important control for remote work.

Check: Is MFA enabled on every cloud account? Not just email - every service with company data.

2. Device management

Can you remotely wipe a lost laptop? Do you know what devices have access to your data?

Microsoft Intune (included in Business Premium) provides this. If someone's laptop gets stolen from a hire car, you can erase company data remotely.

3. Conditional Access

Blocking logins from countries where you don't operate eliminates a huge portion of attacks. Someone in Vladivostok tries to log in? Blocked automatically.

4. VPN or Zero Trust

If you have on-premise systems, how do remote staff access them? A VPN provides a secure tunnel. Modern 'Zero Trust' approaches verify every access attempt.

5. Clear policies

Do staff know what's allowed? Can they use personal devices? What about public WiFi? What should they do if something goes wrong?

The Practical Guidance

Do:

• Use your work laptop, not personal/family devices
• Use mobile data for sensitive work (more secure than public WiFi)
• Lock your devices, even in 'safe' locations
• Report anything suspicious immediately

Don't:

• Save work passwords on shared devices
• Leave devices unattended in public places
• Connect to open WiFi for anything sensitive
• Assume 'it can wait until I'm back' - security incidents don't wait

Before the Summer Starts

Audit your MFA coverage. Any gaps should be closed now.

Test your remote access. Can key staff access what they need from home? Better to find problems now than during an emergency.

Document your incident response. Who do people contact if something goes wrong? What's the backup if that person is also on holiday?

Remind staff about summer phishing. Attackers know people are distracted. A quick reminder helps.

Our Summer Checklist

Need help getting summer-ready? We can audit your remote work security posture and close the gaps.

Get a remote work security check