LONDON — Companies expanding remote work setups during the COVID-19 lockdowns of early 2020 overlooked critical security measures, leaving networks vulnerable to sophisticated threats. What began as limited access for IT staff and executives ballooned into companywide arrangements practically overnight.

Before the pandemic, remote capabilities served niche roles. Finance firms maintained contingency plans after events like the 9/11 attacks, ready to shift operations if offices shut down. Those setups adapted quickly to pandemic restrictions. But scaling them up introduced dangers absent two decades prior.

The threat landscape evolved dramatically. Hackers now deploy complex tactics. In 2007, intruders stole 45 million credit and debit card numbers from TJ Maxx after breaching a wireless network in a Marshalls store. The 2013 Target breach compromised 40 million customer cards and 70 million contact details through hacked credentials of an HVAC contractor. Both cases shared a fatal flaw: Once inside, attackers roamed freely across the full corporate network.

Such blanket access proves unnecessary, according to security frameworks outlined in the 1995 Computer Security Handbook. Author Roger Grimes advocated security zones to restrict reach into sensitive assets. Initially aimed at third-party systems like trading portals, the approach later applied to guest Wi-Fi for visitors.

Large-scale remote work demands the same strategy. Workers often connect via hosted desktops using Citrix or RDP protocols. Authentication alone falls short; permissions must match job functions precisely. Systems admins might require networkwide entry. Developers access test environments, not production databases holding customer data. Customer service reps stick to web portals, avoiding tools like SSH or FTP used by coders.

Picture the network as compartments, each locked to role-specific needs. Grimes detailed this in his presentation on ‘Compartmented Networks: A Corporate Solution for Privacy, Integrity, and Security’ at the 11th Annual New York State Cybersecurity Conference. Setup demands more than a single firewall. It requires tailored policies and ongoing oversight.

Yet the investment pays off. Managing zones demands less effort than recovering from a full-scale breach. Retailers processing payments, HR systems with employee records, and industrial controls all warrant isolation. In the TJ Maxx case, zoned access would have contained the Wi-Fi intrusion. Target’s contractor hack might have stayed local to HVAC systems, sparing payment networks.

Remote expansion multiplies weak points. Home setups lack office safeguards. Phishing claims credentials daily. Proactive limits curb damage. A stolen admin password wreaks havoc unchecked. A clerical worker’s compromised login stays boxed in.

Officials at firms like RLG Security Consulting stress this now, as of March 15, 2020. ‘Broadening remote arrangements heightens compromise odds,’ one report states. ‘Pre-limit the blast radius.’

Breaches cost millions in fines, lawsuits, and lost trust. Equifax’s 2017 lapse exposed 147 million records, drawing $700 million in settlements. No firm wants that spotlight. Zoned remote access fits smoothly into existing VPNs and zero-trust models gaining traction.

Implementation starts simple. Inventory user roles. Map required apps and data. Deploy micro-segmentation tools from vendors like Illumio or Guardicore. Test rigorously before rollout. Monitor logs for anomalies.

Organizations heeding these steps navigated 2020’s disruptions intact. Others learned painfully. The lesson endures: Scale remote access, but never at security’s expense.