Remote Working Security Assessment | Redscan
  • Services
    • Protect
      • Offensive Security
      • Penetration Testing
      • Web Application Testing
      • Cloud Penetration Testing
      • Agile Penetration Testing
      • Network Penetration Testing
      • Mobile Application Testing
      • Red Teaming
      • Breach and Attack Simulation
      • Ransomware Preparedness
      • Scenario-Based Testing
      • Advisory Services
      • Cyber Policy Review
      • Cyber Due Diligence
      • Supply Chain Due Diligence
      • Compliance Advisory
      • Virtual CISO
      • DPO Services
      • Dark Web Monitoring
      • Application Security
      • Threat Modelling
    • Detect
      • Managed Detection and Response
      • Kroll Responder MDR
      • MDR for Microsoft
      • Use Cases
      • Redscan Platform
      • Features Table
      • MDR vs MSSP
      • Managed SIEM
      • Managed EDR
      • Managed SOC
    • Respond
      • Digital Forensics and Incident Response
      • Cyber Incident Response
      • Incident Response Planning
      • Breach Notification
      • Digital Forensics
      • Litigation Support
      • Malware Analysis &
        Reverse Engineering
      • Cyber Risk Retainer
  • Solutions
    • Industry
      • Education
      • Energy
      • Finance
      • Fintech
      • Government
      • Healthcare
      • Legal
      • Manufacturing
      • Media
      • Nonprofit
      • Property
      • Retail
      • Technology
      • Transport
    • Compliance
      • GDPR
      • DPA 2018
      • PCI DSS
      • ISO 27001
      • NIS Directive
      • SWIFT CSP
      • NHS DSP Toolkit
    • Cloud Security
      • Hybrid Cloud
      • AWS
      • Azure
      • GCP
      • Office 365
      • G Suite
      • Hyper-V
      • VMWare
    • Security Challenge
      • Mitigating cyber security risk
      • Identifying and responding to threats
      • Testing cyber security readiness
      • Managing cloud security
      • Investigating and reporting breaches
      • Protecting against malware
      • Tackling phishing and BEC attacks
      • Defending against insider threats
      • Achieving GDPR compliance
      • Securing remote workers
  • Company
    • About
      • Company Overview
      • Careers
      • Awards
      • Accreditations
      • Redscan Labs
    • Resources
      • Cyber Security Blog
      • Case Studies
      • Resource Hub
      • Press Releases
      • Media Coverage
      • Cyber Security Glossary
    • Contact Us
      • General Enquiries
      • Incident Response Enquiries
      • Customer Support
      • Partner With Us
      • Media Requests
Get In Touch
GET IN TOUCH

Speak to a pen test expert

Get in touch for a no obligation quote

1000 characters left
View our privacy policy
Experiencing a breach? Get emergency incident response assistance.
Redscan Logo
  • Services
  • Solutions
  • Company
  • Protect
    Offensive security assessment and consultancy services
  • Detect
    Outcome-focused MDR fuelled by frontline intelligence
  • Respond
    Unrivaled response through the entire incident lifecycle
    • Offensive Security
    • Penetration Testing
    • Web Application Testing
    • Cloud Penetration Testing
    • Agile Penetration Testing
    • Network Penetration Testing
    • Mobile Application Testing
    • Red Teaming
    • Breach and Attack Simulation
    • Ransomware Preparedness
    • Scenario-Based Testing
    • Advisory Services
    • Cyber Policy Review
    • Cyber Due Diligence
    • Supply Chain Due Diligence
    • Compliance Advisory
    • Virtual CISO
    • DPO Services
    • Dark Web Monitoring
    • Application Security
    • Threat Modelling
    • Managed Detection and Response
    • Kroll Responder MDR
    • MDR for Microsoft
    • Use Cases
    • Redscan Platform
    • Features Table
    • MDR vs MSSP
    • Managed SIEM
    • Managed EDR
    • Managed SOC
    • Digital Forensics and Incident Response
    • Cyber Incident Response
    • Incident Response Planning
    • Breach Notification
    • Digital Forensics
    • Litigation Support
    • Malware Analysis &
      Reverse Engineering
    • Cyber Risk Retainer
  • Industry
  • Compliance
  • Cloud Security
  • Security Challenge
  • Education
  • Energy
  • Finance
  • Fintech
  • Government
  • Healthcare
  • Legal
  • Manufacturing
  • Media
  • Nonprofit
  • Property
  • Retail
  • Technology
  • Transport
  • GDPR
  • DPA 2018
  • PCI DSS
  • ISO 27001
  • NIS Directive
  • SWIFT CSP
  • NHS DSP Toolkit
  • Hybrid Cloud
  • AWS
  • Azure
  • GCP
  • Office 365
  • G Suite
  • Hyper-V
  • VMWare
  • Mitigating cyber security risk
  • Identifying and responding to threats
  • Testing cyber security readiness
  • Managing cloud security
  • Investigating and reporting breaches
  • Protecting against malware
  • Tackling phishing and BEC attacks
  • Defending against insider threats
  • Achieving GDPR compliance
  • Securing remote workers
  • About
  • Resources
  • Contact Us
  • Company Overview
  • Careers
  • Awards
  • Accreditations
  • Redscan Labs
  • Cyber Security Blog
  • Case Studies
  • Resource Hub
  • Press Releases
  • Media Coverage
  • Cyber Security Glossary
  • General Enquiries
  • Incident Response Enquiries
  • Customer Support
  • Partner With Us
  • Media Requests
Get in touch
Image of a virtual data centre processing data Image of a virtual data centre processing data

Remote Working Security Assessment

Ensure your networks, applications and devices are protected and fully secured for remote employee access

SC Awards Winner 2022 Logo

Services > Penetration Testing > Remote Working Security Assessment

Overview

Identify and address remote working security risks with a specialist penetration test

If your organisation is embracing mass remote working for the first time, it’s important to ensure that it is doing so securely. Enabling workers to access the systems and data they need from home can create a wide range of cyber risks that attackers can be quick to exploit.

A remote working assessment from Redscan is a type of penetration test designed to identify and help comprehensively address security vulnerabilities that can result as a consequence of employees working outside of the office. This includes misconfigured infrastructure, devices, SaaS applications and security controls.

Challenges

Remote working security challenges

A vastly increased attack surface
Perimeter security no longer effective
Identity and access management
Reduced endpoint visibility
Employee-owned device usage
Managing cloud applications

Risks

Common home working security risks

Our CREST-certified security experts are experienced at helping organisations to identify and address a wide range of home working security risks, including:

VPN misconfigurations

Organisations commonly use Virtual Private Networks (VPNs) to enable remote workers to access corporate applications and data. We review your chosen VPN solution to ensure that it is hardened to prevent attackers from accessing your network and intercepting communications. This includes ensuring that VPN split-tunnelling, used to reduce impact on bandwidth, is implemented as securely as possible.

Cloud misconfigurations

Flaws in the way that cloud platforms and SaaS applications such as Office 365 and G Suite are set up could leave data and assets exposed. We thoroughly inspect your cloud and hybrid environments to identify risks and provide guidance to help ensure workloads are hardened in line with the latest security best practices, including benchmarks from the Center for Internet Security (CIS).

Improper access controls

To ensure that remote workers are able to access the systems they need outside the office, many organisations relax security settings such as IP address whitelisting. Use of access management technologies such as cloud access security broker (CASB) and zero-trust network access (ZTNA) can help to reduce risk, but these tools aren’t always configured optimally. We will review any access controls to ensure that they are implemented securely and configured with the latest threats in mind.

BYOD

Bring-your-own-device (BYOD) is the practice of allowing employees to use their own devices to access company networks. Some organisations use remote access technologies, application containers and application wrapping to mitigate the associated risks, but these need to be implemented securely. We review your organisation’s BYOD policy and controls to help identify improvements.

Firewall misconfigurations

Firewall misconfigurations could provide an opportunity for an attacker to obtain easy access to a network, install malware and conduct command and control (c2) activity. We assess your organisation’s firewall settings to identify open ports and review firewall policies to help ensure they adhere to the principle of least privilege.

RDP flaws

Remote Desktop Protocol (RDP) is used by remote employees to connect to and access servers and other devices. We check that RDP is configured securely and free of vulnerabilities which could allow cybercriminals to remotely take over unpatched devices.

FAQs

Remote working FAQs

What is a remote working security assessment?

A remote working security assessment is a type of penetration test designed to help organisations identify and address security risks that result as a consequence of employees working outside of the office. An assessment can uncover a range of security risks, such as misconfigured infrastructure, systems and applications. Unsafe remote working practices can also be identified.

What is a remote access penetration test?

A remote access penetration test is a type of penetration test that is specifically focused on identifying cyber security risks that result from the use of remote access solutions such as a virtual private network (VPN), a Remote Desktop Protocol Client (RDP) and Virtual Desktop. A remote access pen test can also be used to assess the implementation and use of cloud access security broker (CASB) and zero-trust network access (ZTNA) tools.

How long does a remote working security assessment take to conduct?

The time it takes a penetration tester to complete a remote working security assessment is dependent upon the scope of the engagement. A typical test to identify critical issues generally takes no more than a couple of days, but a more focused engagement to review policies such as firewall settings can extend the testing and reporting period. The duration of a test will also dependent upon the approach – whether it is a whitebox, blackbox or greybox engagement.

Can a remote working security assessment include a phishing test?

Yes, absolutely. Upon request, a remote working penetration test can include a custom email phishing exercise, designed to assess and help improve the security awareness of employees that work from home. Assessments can also target specific individuals to mirror spear phishing and business email compromise (BEC) attacks.

How has COVID-19 created additional home working security risks?

The COVID-19 pandemic has led to increased security risks for most companies, especially those that have been forced to embrace remote working for the first time. Many organisations prior to the pandemic were not set up properly to support remote working and have been forced to implement quick solutions to stay operational and provide employees with access to systems and data. In such instances, cyber security can be an afterthought.

What COVID-19 security risks should homeworkers be aware of?

Homeworkers should be alert to a wide range of remote working security risks during the COVID-19 pandemic. Users should be particularly aware of coronavirus themed phishing attacks, designed to trick recipients into disclosing sensitive information and/or installing malware.

Employees also need to exercise caution when using third party applications such as video conferencing software, which could introduce security vulnerabilities and create privacy and compliance issues.

Interested to learn more?

Get in touch

Types of penetration test

Network infrastructure testing

Network infrastructure testing

Redscan rigorously investigates your network to identify and exploit a wide range of security vulnerabilities. This enables us to establish if assets such as data can be compromised, classify the risks posed to your overall cyber security, prioritise vulnerabilities to be addressed, and recommend actions to mitigate risks identified.

Network penetration testing
Wireless testing

Wireless testing

Unsecured wireless networks can enable attackers to enter your network and steal valuable data. Wireless penetration testing identifies vulnerabilities, quantifies the damage these could cause and determines how they should be remediated.

Wireless pen testing
Application and API security review

Application and API security review

Vulnerabilities contained within software are commonly exploited by cybercriminals and are easily introduced by under-pressure programmers. Redscan’s ethical hackers conduct automated and manual penetration tests to assess backend application logic and software and API source code.

Build and config review
Remote working assessment

Remote working assessment

If your organisation is embracing mass remote working for the first time, it’s important to ensure that it is doing so securely. Ensure your networks, applications and devices are protected and fully secured with a custom remote working security assessment.

Remote working pen testing
Web application security testing

Web application security testing

Web applications play a vital role in business success and are an attractive target for cybercriminals. Redscan’s ethical hacking services include website and web app penetration testing to identify vulnerabilities including SQL injection and cross-site scripting problems plus flaws in application logic and session management flows.

Web app testing
Social engineering

Social engineering

People continue to be one of the weakest links in an organisation’s cyber security. Redscan’s social engineering pen test service includes a range of email phishing engagements designed to assess the ability of your systems and personnel to detect and respond to a simulated attack exercise.

Social engineering testing
Mobile security testing

Mobile security testing

Mobile app usage is on the rise, with more and more companies enabling customers to conveniently access their services via tablets and smartphones. Redscan carries out in-depth mobile application assessments based on the latest development frameworks and security testing tools.

Mobile security testing
Firewall configuration review

Firewall configuration review

Firewall rule sets can quickly become outdated. Redscan’s penetration testers can detect unsafe configurations and recommend changes to optimise security and throughput.

Code review testing

Expertise

Our security qualifications

thumb
thumb
thumb
thumb
thumb

CEH

Certified Ethical Hacker (CEH)

Tiger Scheme

Tiger Scheme Qualified Security Team Member (QSTM)

CREST

CREST Registered Tester (CRT), CREST Simulated Targeted Attack and Response (STAR), CREST Certified Web Application Tester (CCT APP), CREST Certified Infrastructure Tester (CCT INF), CREST Certified Simulated Attack Manager (CC SAM), CREST Certified Simulated Attack Specialist (CC SAS), CREST SOC

Offensive Security

Offensive Security Certified Professional (OSCP)

ISACA

Certified Information Security Auditor (CISA)
Certified Information Security Manager (CISM)

Meet some of our team

Faisal
“Our remit is to think creatively to find solutions that will help keep your organisation more secure. We’re continually improving our knowledge of how adversaries think so that we can better identify security weaknesses and enhance detection of new and emerging threats.”
Faisal
Security Consultant
Philip Veness
“We aim to make sure that your organisation gets the best possible value from a pen test. We'll talk you through the assessment at every stage and answer any questions you might have along the way.”  

 

Philip
Security Consultant

Get a Pen Test quote now

Keep your business safe by protecting your networks, systems and apps with our penetration testing services.

  • One of the highest accredited UK pentesting companies
  • A deep understanding of how hackers operate
  • In-depth threat analysis and advice you can trust
  • Complete post-test care for effective risk remediation
  • Multi award-winning offensive security services
  • Avg. >9/10 customer satisfaction, 95% retention rate

1000 characters left
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
Threat-led pen testing and its role in DORA compliance
19th December 2024
The changing face of the incident response retainer
28th October 2024
What are the benefits of an incident response retainer?
26th September 2024
NCSC sets out plans to launch Advanced Cyber Defence 2.0
16th September 2024
Hospitality Company
Securing a hospitality company’s continued global expansion
Asset Management Firm
Enhancing security visibility for a leading asset management firm
National Homebuilder
Ensuring threat visibility across a hybrid cloud network
Specialist Bank
Raising the bar by uncovering vulnerabilities across a bank’s estate
AI-driven social engineering likely to be key cyber threat of 2026
A new report anticipates that AI-driven social engineering will be one of the most significant cyber threats of 2026, surpassing ransomware and supply chain attacks.
27th October 2025
UK companies lose an average of £2.9m to AI risk
New research suggests that the average company in the UK has lost millions due to unmanaged AI risk, with 55% claiming that these risks cost them over £750,000.
20th October 2025
Digital fraud costs companies 7.7% of annual revenue
New research suggests that soaring digital fraud costs companies around the world an average of 7.7% of their annual revenue, with US businesses hit the hardest.
13th October 2025
Agentic AI-powered breach likely to take place in 2026
New analysis predicts that an agentic AI deployment will cause a publicly disclosed data breach next year.
 
6th October 2025
Close
Redscan Logo

Get a quick quote

Please fill out the form below and we'll get back
to you shortly to discuss your testing requirements.
View our privacy policy
  • Penetration Testing
  • Managed Detection & Response
  • Incident Response
Contact Redscan: +44 (0)203 972 2500
London Office: Kroll, Level 6, The News, 3 London Bridge Street, London, SE1 9SG
  • Privacy Notice
  • Legal Notice
  • Company Policies
© Redscan (a trading name of Redscan Cyber Security Limited) 2025. All rights reserved.
Company Number - 09786838. ICO Registration Number - ZA184902.
Cookie Notice
We use cookies to analyse site traffic and optimise your browsing experience. Accepting necessary cookies is required to provide you with a minimum level of service.
ACCEPTCookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
__cf_bm1 hourThis cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_oksessionThe cookie is set by Olark live chat software and is used to store most recent Olark site for security purposes.
_okdetectsessionThis cookie is set by Olark live chat software. The cookie is used for detecting when storage contexts have changed due to things like ssl or host transitions.
_oklvsessionThe cookie is set by Olark live chat software. According to Olark documentation, the cookie is the Olark Loader version used for improved caching.
cookielawinfo-checkbox-advertisement1 yearSet by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent1 yearCookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
hblid1 year 1 month 4 daysThe cookie is set by Olark live chat software and is used as a visitor identifier to remember a visitor between visits.
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
CookieDurationDescription
langsessionLinkedIn sets this cookie to remember a user's language setting.
li_gc6 monthsLinkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc1 dayLinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory1 monthLinkedIn sets this cookie for LinkedIn Ads ID syncing.
yt-player-headers-readableneverThe yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-availablesessionThe yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installedsessionThe yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devicesneverYouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-idneverYouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-periodsessionThe yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-appsessionThe yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-namesessionThe yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEYneverThe cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
CookieDurationDescription
_okbksessionThe cookie is set by Olark live chat software and is used to store extra state information of the chat box.
olfsk1 year 1 month 4 daysThis cookie is set by Olark live chat software. This cookies is a storage identifier used to maintain chat state across pages.
SRM_B1 year 24 daysUsed by Microsoft Advertising as a unique ID for visitors.
wcsidsessionThis cookie is set by Olark live chat software. The cookie is a session identifier that is used to keep track of a single at session.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
_ce.gtldsessionCrazyegg sets this cookie to identify the top-level domain.
_clck1 yearMicrosoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk1 dayMicrosoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_ga1 year 1 month 4 daysGoogle Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*1 year 1 month 4 daysGoogle Analytics sets this cookie to store and count page views.
_gat_UA-*1 minuteGoogle Analytics sets this cookie for user behaviour tracking.
_gid1 dayGoogle Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
AnalyticsSyncHistory1 monthLinkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
cebssessionCrazyegg sets this cookie to trace the current user session internally.
CLID1 yearMicrosoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
MR7 daysThis cookie, set by Bing, is used to collect user information for analytics purposes.
SMsessionMicrosoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.
vuid1 year 1 month 4 daysVimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
CookieDurationDescription
ANONCHK10 minutesThe ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
bcookie1 yearLinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie1 yearLinkedIn sets this cookie to store performed actions on the website.
li_sugr3 monthsLinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
MUID1 year 24 daysBing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
NID6 monthsGoogle sets the cookie for advertising purposes; to limit the number of times the user sees an ad, to unwanted mute ads, and to measure the effectiveness of ads.
test_cookie15 minutesdoubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE6 monthsYouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA6 monthsYouTube sets this cookie to store the user's cookie consent state for the current domain.
YSCsessionYoutube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextIdneverYouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requestsneverYouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
CookieDurationDescription
_ce.cchsessionDescription is currently not available.
_ce.clock_data1 dayDescription is currently not available.
_ce.clock_event1 dayDescription is currently not available.
_ce.irvsessionDescription is currently not available.
_ce.s1 yearDescription is currently not available.
_CEFT1 yearNo description available.
_cfuvidsessionDescription is currently not available.
_okckless than a minuteDescription is currently not available.
_okcssessionDescription is currently not available.
cebsp_sessionDescription is currently not available.
Powered by WebToffee Logo