Cybersecurity Threats Targeting Remote Workers: A Review

Abstract

Remote workers encounter numerous cybersecurity risks that differ significantly from those faced in traditional office settings. These threats can range from cybersecurity risks, such as phishing attacks and data breaches, to challenges like feelings of isolation and work-life balance issues. The widespread use of insecure home networks further exacerbates these risks, as many employees connect their devices to Wi-Fi networks that lack essential security measures like strong passwords and encryption. As remote employees operate beyond the protective perimeter of an organisation’s secure systems, businesses are increasingly dependent on robust cybersecurity frameworks, best practices, and comprehensive policies to protect their data and assets. The primary objective of this paper is to tackle the urgent issues related to cybersecurity management in remote work settings. This study presents a systematic review of research on cybersecurity risks targeting remote workers, following the PRISMA framework. A total of 20 studies published between 2019 and 2025 were reviewed from Scopus and Google Scholar. The results showed that phishing, malware, ransomware, insecure networks and human factors such as the lack of cybersecurity awareness training are among the most frequently reported threats. The most common mitigation strategies include employee training and awareness, VPNs, multifactor authentication (MFA) and the adoption of the zero-trust framework. Recommendations include offering relevant, current, and personalised cybersecurity awareness training for remote workers, as well as implementing and training on security tools such as multi-factor authentication (MFA) and the use of strong passwords.