The Scenario Nobody Wants to Think About

Your marketing manager works from home three days a week. She accesses your CRM, your file server, and your company email from her laptop. Her home router is a consumer device she bought four years ago and has never updated. Her teenage son uses the same network for gaming and has downloaded software from sources she doesn’t know about. Her smart TV, her thermostat, and her video doorbell are all on that same network.

Last month, her son’s gaming machine got infected with an infostealer — a type of malware that quietly harvests credentials from every device on the local network. It found her laptop. It found her saved browser passwords. It found her company credentials.

The attacker now has her username and password for your CRM. If you don’t have MFA enforced, they’re already in.

This is not a hypothetical. It is a documented attack pattern that the FBI’s Phoenix Field Office and cybersecurity researchers track as one of the primary initial access vectors for business compromises.

Why Phoenix Is Particularly Exposed

The rapid in-migration that reshaped the Phoenix metro brought people from tech-forward markets like California, Seattle, and Austin. Many of them are sophisticated professionals with high-value corporate access. Many of them set up home offices quickly, prioritizing connectivity over security.

Phoenix also has a large population of employees who are remote-first for the first time in their careers — workers in industries that went remote during the pandemic and never came fully back. Healthcare administration, legal support, financial services, and professional services all have large remote cohorts in the Valley who were never trained on home network security because it was never relevant before.

The Three Real Threats from Home Networks

1. The Unsecured Router

Consumer routers from major retailers ship with default credentials, outdated firmware, and minimal security features. Most are never updated after purchase. A router running firmware from 2020 has years of unpatched vulnerabilities that are publicly catalogued and exploitable by automated tools.

When an attacker finds a vulnerable router — and scanning tools find them within hours of connection — they can potentially intercept network traffic, redirect DNS queries, or gain a foothold on every device on the network.

2. Network Adjacency Attacks

A compromised device on the same home network as a work laptop is a serious threat even without directly attacking the laptop. Attackers can use network adjacency to intercept unencrypted traffic, conduct man-in-the-middle attacks, harvest credentials from network scanning, and identify other connected devices worth targeting.

The work laptop doesn’t have to be compromised. The network it’s on does.

3. Split-Brain Identity

Many remote employees use the same device for personal and work activities — or use personal accounts to access work resources because it’s convenient. Personal browsers with saved passwords, personal email accounts forwarding work communications, and personal cloud storage with work files all create data spillage that is nearly impossible to audit and extremely difficult to contain.

What Controls Actually Work

The good news: remote work security is a solved problem. The controls exist. The question is whether they’re deployed.

•       MFA everywhere: The single most important control. If an attacker harvests your employee’s credentials from a home network compromise, MFA stops them from using those credentials. No exceptions.

•       Mobile Device Management (MDM): Company laptops should be enrolled in MDM regardless of where they’re used. MDM enforces disk encryption, screen lock, OS currency, and gives IT remote wipe capability.

•       VPN or zero-trust remote access: Traffic between the employee’s device and company resources should be encrypted and authenticated. Open RDP or unprotected remote access is not acceptable.

•       DNS filtering at the device level: DNS filtering that travels with the device — not just applied at the office network — blocks malicious sites before connection, even on untrusted networks.

•       Network segmentation guidance: Employees with sensitive roles should be advised to place work devices on a separate network segment (easy with a modern router’s guest network feature) from personal devices and IoT.

•       Clear acceptable use policy: What systems can be accessed from personal devices? What data can be downloaded locally? What must go through the company VPN? Document it and train to it.

The Policy Conversation

Technology controls solve the technical problem. But there’s a parallel conversation about policy that many Phoenix employers are avoiding.

Do you have a written remote work security policy? Do your employees know what’s expected of them when they’re working from home? Have they been trained on home network risks specifically?

Most employers answer no to all three. That’s the gap between a managed security posture and “we hope nothing bad happens.”

AEGITz manages remote and hybrid work security for Phoenix-area businesses — from MDM deployment to VPN configuration to written remote work policies. If your team works from home and you’re not sure whether they’re protected, let’s talk.