Blending work with holidays has become the norm, with 42% of UK workers checking their emails while on holiday and 67% feeling under pressure to do so, even during annual leave.
This constant connection means many employees are logging into work accounts from airports, hotels, or beachside cafés, often over unsecured networks, quietly exposing businesses to serious cyber threats.
However, when employees log into work accounts while travelling, especially over public or unsecured networks, they may be unknowingly exposing their business to serious cyber risks.
At FLR Spectron, we help companies identify and prevent exactly these types of threats, and many start with everyday habits, not advanced attacks.
The Hidden Risks of Working Abroad
There’s a common assumption that cybersecurity threats come from malware, ransomware, or large-scale breaches. But in reality, many incidents stem from individual behaviour, especially when remote working.
In fact, nearly half of remote workers have knowingly compromised data security in the last year. Furthermore, the National Cyber Security Centre (NCSC) has witnessed a 20% rise in cyber attacks targeting remote workers over the past year.
Here are some of the most common high-risk habits we see:
- Using public Wi-Fi for work tasks
Hotel, airport, or café networks are often unencrypted and easy to spoof. Logging in to email, accessing cloud drives, or uploading files over these networks puts credentials and sensitive data at risk. - Forwarding work emails to personal accounts
Some employees do this to access files or conversations more easily from their phones or while offline. But personal inboxes typically lack the protections in place on corporate systems, making them an easy target for attackers. - Accessing cloud storage without security layers
Connecting to shared drives or cloud folders without a VPN or multi-factor authentication increases the chance of interception, especially on open networks. - Sharing files through free or unauthorised platforms
Free file-sharing tools are often not end-to-end encrypted. If used outside of company policy, they can leak sensitive data or be accessed by third parties.
“What feels convenient to an employee can quickly become a vulnerability,” says Kamran Bahdur, Technical Director at FLR Spectron. “In summer, we see a spike in risky login behaviours that compromise email accounts and expose business data.”
What Businesses Can Do to Keep Remote Teams Secure
Businesses can’t control where their employees work during the summer, but they can control how well-prepared they are. The goal isn’t to restrict flexibility, but to make secure access the default, and to support employees in making smart decisions while away.
Encourage switching off completely
Not every holiday needs to involve remote working. In fact, it shouldn’t. Encourage employees to fully disconnect where possible. Time away from work is vital for mental health, and reducing the urge to check emails also reduces the chance of risky logins over unsecured networks.
Equip your team with secure mobile access
When remote work is necessary, it must be safe by design. Roll out company VPNs, app-based MFA, and approved cloud-sharing tools before travel begins. If secure access is simple, staff are far less likely to take risks.
Offer timely cybersecurity reminders
A short digital checklist or summer-safe email guide can make a big difference. Most people don’t realise how vulnerable hotel Wi-Fi or personal email accounts can be. The more relevant and timely the advice, the more likely it is to be followed.
Make approved tools clear and accessible
Define which platforms are safe for email, storage, and communication, and communicate that clearly. Blocking known high-risk tools where appropriate can also help prevent accidental data exposure.
“Summer cyber hygiene starts with leadership,” says Kamran Bahdur, Technical Director at FLR Spectron. “Support your team to disconnect when they can, and give them the tools to stay secure when they can’t. Security is a shared responsibility, and it starts before the suitcase is packed.”
The Summer Cyber Checklist for Mobile Workers
Before staff travel or work remotely, we recommend they follow these principles.
Do:
Use a company VPN at all times when working outside the office
A VPN (Virtual Private Network) encrypts internet traffic, making it much harder for attackers to intercept data. Without it, anything sent or received over public Wi-Fi can be monitored or stolen, including login credentials and sensitive attachments.
Log in with MFA through an app, not SMS or email
Multi-Factor Authentication (MFA) adds a second layer of protection beyond your password. App-based MFA (like Microsoft Authenticator or Google Authenticator) is much more secure than SMS or email-based verification, which can be intercepted or spoofed.
Lock your screen when away from devices, even briefly
Whether it’s a laptop in a hotel room or a phone in a café, an unlocked screen is an open door. Devices should auto-lock after a short period of inactivity, but employees should be encouraged to manually lock screens the moment they step away.
Use only approved, secure file-sharing tools
If employees need to share files, they should use company-approved platforms that offer encryption and access control. Free tools might seem convenient but can lack basic protections, and some even publicly index shared content unless settings are changed manually.
Don’t:
Connect to open or shared Wi-Fi without protection
Public Wi-Fi networks are often unencrypted and can be easily faked by attackers. Connecting without a VPN exposes data in transit and makes it easier for hackers to intercept logins or inject malware.
Forward work messages to personal inboxes
This might seem like a harmless way to stay on top of tasks, but personal email accounts are rarely protected by enterprise-grade security. Once forwarded, your business no longer controls the data, and if the personal account is compromised, so is everything in it.
Log in on borrowed or public devices
Using a hotel computer, internet café machine, or a borrowed tablet introduces significant risk. Keyloggers, malware, or cached browser data could all capture login details or expose sensitive information.
Share files through unverified or free platforms
Many free file-sharing sites don’t offer encryption, access controls, or usage logs. They also may host your data outside the UK or EU, creating GDPR risks. Even worse, some allow files to be accessed via public links that can be easily guessed or indexed.
Working Remotely Doesn’t Need to Mean Taking Risks
Modern businesses rely on flexibility, but with flexibility comes responsibility. If your team is working from abroad this summer, make sure security travels with them.
At FLR Spectron, we help organisations secure email, protect remote access, and support hybrid workforces with tools that don’t get in the way.
“Security should be built into how we work, not bolted on as an afterthought,” says Badhur. “Especially when your team is connecting from places you can’t control.”
Need help securing your mobile team this summer? Get in touch to see how we can support you.