During the pandemic, remote working became a way of life. Fast-forward to 2025 and offices have largely evolved to hybrid working, requiring firms to improve their security practices to account for the more long-term change.  

So, what further changes can businesses expect to see in remote working in 2025 and how should CISOs adapt their strategies to account for this? 

AI-based attacks will impact remote workers  

2025 is going to be a big year for artificial intelligence (AI), with the technology increasingly used to super-charge attacks. Those working remotely can be more susceptible to AI-powered phishing and deepfake attacks, experts say. 

“Attackers are increasingly weaponising social media, using LinkedIn to profile employees and craft hyper-personalised attacks,” says Adam Seamons head of information security at GRC International Group. “For remote workers, the lines between personal and professional digital presence are blurred, making them even more vulnerable.”  

Policy enforcement will be a challenge  

It’s all well and good creating new policies to boost remote working security, but enforcing these can be a challenge. “Pressure to roll out policies across a distributed workforce – including tailoring training, education and policy enforcement across remote workers – can itself create vulnerabilities and risks,” says Keiron Holyome, VP UKI and emerging markets, BlackBerry. 

He advises reviewing how clear and accessible incident reporting processes are for those not based in the office. “Have simple instructions and ensure contacts been effectively communicated – and are they accessible and inclusive to address the needs and capabilities of all individuals? Can employees still contact the IT team if they are locked out of corporate software due to a breach?” 

Cybersecurity at home will pose risks 

It’s no secret that employees working from home can add security challenges via insecure networks and devices. This will continue to cause issues into 2025, experts say.  

“While workplace devices often have technical controls to prevent unsafe activities, remote workers are exposed to additional risks,” says Adam Pilton, senior cybersecurity consultant at CyberSmart.  

These include weak passwords, poor storage of credentials, lack of privacy settings on social media, and unsecured devices in public spaces, Pilton says. “With employees working from home or in co-working spaces, the traditional security perimeter has blurred, making it easier for cyber-criminals to exploit vulnerabilities.” 

As remote working has become more prevalent, the challenge for businesses is how to keep employees and data secure outside the corporate perimeter, agrees Poppy Simpson, senior manager software and services, NETGEAR. 

This has become “particularly urgent” with the increase in threats to home networks, she says. 

Return to office policies are mandated, but perhaps not needed 

It’s no longer all about hybrid working. In 2025 and beyond, many major employers are expected to implement return-to-office (RTO) policies, fundamentally reshaping workforce dynamics, says Chris Henderson, senior director of threat operations at Huntress. “While one prevailing justification for this shift is cybersecurity concerns, a closer look reveals a more nuanced reality. IT professionals overwhelmingly express confidence in their organisation’s ability to maintain robust security measures in remote and hybrid work environments.” 

He cites Huntress’ December 2024 survey of more than 200 IT professionals, which reveals that over 90 percent of cybersecurity experts are confident in their organisation’s ability to protect sensitive information, even outside traditional office settings. “The risks of remote work, particularly those linked to cybersecurity, may be overstated or even misrepresented,” he says.  

Businesses could invest in security solutions tailored for remote work – and zero trust 

As many firms continue a hybrid working strategy, 2025 could see greater investments in security solutions specifically tailored for remote work environments, particularly virtual private networks (VPNs) and secure access service edge (SASE), says Tom Exelby, head of cybersecurity at Red Helix.  

As cyber threats such as ransomware and network breaches continue to escalate, the need to limit attack impact has also pushed the zero trust model into the security spotlight, he says.  

“Zero trust’s foundational principle, ‘never trust, always verify’, offers a structured, proactive approach to minimise risk by restricting lateral movement across networks. By requiring continuous authentication and enforcing least-privilege access, organisations can significantly reduce exposure, granting access solely on a ‘need-to-know’ basis.”  

Boosting remote working security in 2025 

Remote working is set to continue into 2025, albeit in hybrid or sometimes mainly office-based settings.   

In the office, basic security means using strong passwords, multi-factor authentication (MFA), a password manager and making sure you apply updates when they are available, says Pilton. 

It’s also important that employees know the security mistakes that can get them into trouble. “Simple things such as using unsecured public Wi-Fi, not having appropriate security software, and failing to utilise data encryption technologies when mobile devices are lost or stolen are common mistakes that employees make when working remotely,” says Matt Aldridge, senior principal solutions consultant at OpenText Cybersecurity. 

Employee education is “a vital part of an organisation’s defence”, Aldridge says. “This should be the bedrock of a security strategy. There’s no use in investing in sophisticated cybersecurity software and services, if employees are clicking on dodgy links that give cybercriminals access to a network. This is even more important when dealing with remote employees who may be accessing the business network via personal devices.” 

Kate O'Flaherty Cybersecurity and privacy journalist