When your employees work from home, they are connecting to your company systems from home routers shared with smart TVs, gaming consoles, and children's devices. They are using personal laptops that may not have antivirus. They are on public Wi-Fi in cafes. This is your new security perimeter.
The Zero Trust Foundation
The modern approach to remote security is Zero Trust: never trust, always verify. Every access request — even from inside your network — must be authenticated, authorised, and continuously validated. Here is how we implement this for SMEs without enterprise budgets.
The 12 Controls
Control 1: MFA EverywhereEnforce multi-factor authentication on all company accounts — Microsoft 365, Google Workspace, VPN, and any business application. Microsoft Authenticator is free. This single control stops 99.9% of account takeover attempts.
Control 2: Device Health PolicyOnly allow devices with current OS updates, antivirus, and disk encryption to access company resources. Enforce via Intune (Microsoft 365 Business Premium includes this) or Jamf for Mac.
Control 3: DNS FilteringDeploy Cloudflare Gateway or Cisco Umbrella to block malicious domains at the DNS level — before any connection is established. Blocks phishing sites even if an employee clicks a malicious link.
Control 4: Privileged Access ManagementNo standard employee should have local administrator rights on their device. Admin tasks should require a separate privileged account. This contains lateral movement after a breach.
Controls 5–8: Network & DataSplit tunnelling VPN, BYOD isolation via separate network VLAN, cloud backup with versioning, and DLP (Data Loss Prevention) policies to prevent sensitive documents from being emailed externally.
Controls 9–12: Monitoring & ResponseSIEM logging, monthly access review, incident response plan, and mandatory quarterly security awareness training for all staff. The human element remains the largest attack surface.
Verified By Solvitron
Need Expert Help With This?
Our certified engineers are available 24/7 to implement every step in this guide on your system — remotely and securely.