Securing the ‘Third Place’: Guidelines for Working Remotely

A latte and lack of security


Your account manager is finalising a six-figure deal from a corner table at Costa. Your operations director is reviewing payroll from their kitchen table. Your sales team is updating the CRM between meetings at a client's office. 

This is normal now. Flexible working isn't going away, and frankly, it shouldn't—it's good for morale and productivity. 

But here's the problem: your team is accessing company systems, client data, and financial information from networks you don't control. And unless you've specifically addressed this in your security setup, you're leaving the door wide open. 


The Coffee Shop Reality Check 

Let's be clear about what public Wi-Fi actually is: it's a network that anyone can join, with minimal or no security, where all your data travels through the air unencrypted. When your employee logs into your accounting system from Starbucks, they're essentially shouting their password across a crowded room. 

Cybercriminals know exactly where to find remote workers. Coffee shops, libraries, hotel lobbies—anywhere with free Wi-Fi becomes a hunting ground. The attacks are embarrassingly simple: 

  • Fake Networks: Hackers set up networks called "Free_WiFi" or "Costa_Guest" (close enough to look legitimate). Your employee connects, and now everything they do flows through the attacker's laptop first. 

  • Network Snooping: Even on legitimate public networks, criminals use readily available tools to intercept traffic. Passwords, emails, file transfers—it's all visible unless it's encrypted. 

This isn't theoretical. We've dealt with breaches that started exactly this way: an employee working remotely, connected to public Wi-Fi, inadvertently gave criminals access to company systems. 

The Home Network Problem 

"But Tom, our team mostly works from home, not coffee shops." 

Fair point, but home networks aren't automatically secure either. That £30 router from your employee's ISP probably hasn't been updated since 2019. Their kids are gaming on the same network. Their partner's downloading who-knows-what. Smart TVs, Ring doorbells, and Alexa devices all share that same connection. 

When your finance manager accesses your company server from this environment, you're trusting security you've never verified. 

The Only Solution That Actually Works: VPN 

A Virtual Private Network (VPN) creates an encrypted tunnel between your employee's device and your company systems. Think of it as a private, secure corridor through the wild west of the public internet. 

Everything gets encrypted before it leaves their laptop. Even if they're on a compromised network, criminals see gibberish. They can't read passwords, intercept emails, or access files. 

Our advice: 

  • Provide a VPN to every remote worker 

  • Make it automatic 

  • Enforce it technically 

Physical Security Matters Too 

Thieves specifically target these "third place" locations because people let their guard down. 

A stolen laptop isn't just a £1,000 replacement cost. It's: 

  • Whatever data was on that device 

  • Access to any systems still logged in 

  • Potential access to company credentials stored in browsers 

  • A data breach you need to report to the ICO 

Quick rules for your team: 

  • Never leave devices unattended. Ever. Not even "just for a minute." 

  • Use cable locks if staying somewhere for extended periods (they're a deterrent, not foolproof) 

  • Enable full disk encryption on all laptops (so if one is stolen, the data can't be accessed) 

  • Require strong passwords on device login, not just easy PINs 

Your Remote Work Security Policy 

You need an actual written policy. Not because you love bureaucracy, but because employees shouldn't have to guess what's expected. 

Your policy should cover: 

  • Public Wi-Fi Rules 

  • Device Security 

  • Home Working 

Cyber Essentials 

And here's the critical bit: This needs to align with Cyber Essentials requirements. If you're pursuing certification (which protects you and can win you business), your remote access setup is one of the five core controls assessed. Get this wrong, and you won't pass. 

Cyber Essentials specifically requires that you: 

  • Control who can access your systems and data 

  • Use secure configurations 

  • Protect against malware 

  • Keep devices and software up to date 

  • Control access to networks and systems 

Remote working touches all of these.

Getting remote work security right isn't just protecting your business—it's meeting your baseline security obligations. And if you work with larger clients or public sector organizations, Cyber Essentials certification is increasingly non-negotiable. 

Don't Overcomplicate This 

Remote work security boils down to three things: 

  • Encrypt the connection (VPN) 

  • Secure the device (encryption, passwords, physical security) 

  • Set clear rules (policy everyone understands) 

Do these three things properly, and you've addressed 90% of the risk. Ignore them, and you're gambling with your business every time someone opens a laptop in public. 

At Saturday Cloud, we help South Wales businesses implement remote work security that works: practical tools and policies that protect your business without making remote work impossible. 

Because flexible working is here to stay. Your security needs to keep up. 


Republished with permission from The Technology Press.
