Most companies think they have a handle on how and where staff access business systems. But in reality, people check dashboards from their sofa, upload files from holiday rentals, and sign in from hotel rooms during conferences. These might not be official work-from-home arrangements, but they happen all the time.
Each time they do, company data travels through networks that IT teams have no control over. These untrusted networks are often overlooked, but they’ve quietly become one of the most exposed points in any organisation’s digital environment.
This is the uncontrolled network edge. It’s where staff connect into company systems from routers and devices that aren’t managed by your IT team. In this blog, we’ll explain why that matters, where the gaps are, and what your organisation can do about it.
What Is the Uncontrolled Network Edge?
The uncontrolled edge includes any network or setup that your organisation doesn’t directly manage but that still connects to your systems. This could be:
- Shared office or client site networks
- A home Wi-Fi router
- Wi-Fi in a holiday apartment
- Hotel or café internet
- IoT-heavy environments like smart homes
These are all networks staff use when they’re accessing data and systems from home or connecting to work systems outside the office. The problem is not that staff are doing anything wrong. It’s that these networks often include old or vulnerable devices, poor configuration, or no security controls at all.
Where Traditional Security Measures Fall Short
Most companies have invested in tools like VPNs, endpoint protection, SASE platforms and Zero Trust. These are all important, but none of them were built for what happens at the local network level when staff are working outside the office.
VPNs
VPNs encrypt traffic, but they don’t protect the environment it comes from. If a router is compromised, attackers can bypass or hijack that traffic before it even enters the tunnel.
Zero Trust
Zero Trust relies on trustworthy signals to make access decisions. But those signals can be manipulated if the device is on a compromised network, which means your policies could be built on false information.
SASE
SASE platforms secure traffic going to cloud services but don’t secure the local network. That leaves a gap between the device and the protected destination.
Endpoint Protection
Security tools installed on devices are essential, but they can’t see what’s happening on the network itself. If malware is sitting on another device nearby, your endpoint tools won’t catch it.
The Human Factor
This issue isn’t just about technology. It’s about how people behave. Staff often leave routers on default settings. They might never update the firmware. They might not know the risks of plugging work devices into smart home setups or using unfiltered public Wi-Fi.
These habits are normal, not careless. But they make it easier for attackers to get in without being noticed.
Risks from Routers and IoT Devices
Home routers are one of the weakest links in the chain. Most off-the-shelf models are never updated properly and come with known flaws that attackers scan for. State-sponsored attacks have already used compromised routers to quietly gain access to sensitive systems.
The same goes for smart devices. Things like cameras, voice assistants and doorbells might sound harmless, but many of them still ship with default credentials and rarely get security patches. Once compromised, they can be used as a stepping stone into company systems.
Practical Steps You Can Take
Use Secure, Managed Routers
Where possible, give staff access to routers that have locked-down firmware and can be managed centrally. This ensures that security policies are consistent and updates happen automatically.
Keep Work and Personal Traffic Separate
Avoid situations where staff use the same network for everything. If someone is pulling up data from the kitchen table, the traffic from their laptop should not be travelling alongside their smart TV or games console.
Train People on What Matters
Staff don’t need to become IT experts, but they do need basic awareness. Make it clear what a good router setup looks like, why it matters, and what to avoid when connecting to company systems from home or other places.
Add Local Network Awareness to Your Strategy
If you already use Zero Trust or SASE models, make sure you’re including local environments in that picture. It’s not just about apps and endpoints. It’s about what happens in between.
Regularly Audit Offsite Access
Look at how people are connecting. This includes weekend access to sensitive systems, staff logging into company systems from personal networks, or signing in from hotel Wi-Fi during a conference. These aren’t rare exceptions. They’re daily realities.
Even If You’re Office-Based, This Still Applies
Some companies assume that because they’ve brought staff back to the office, these risks no longer apply. But in most cases, they do.
People still access dashboards and files from untrusted networks. They still reply to messages from home in the evening. They still log in from non-office environments, even if it’s only for a short while.
If these moments aren’t being considered, then you’re not seeing the full picture of where your systems are being accessed and where attackers might try to get in.
Conclusion
The network edge is no longer something you control just by securing the office. People connect from home, from hotels, and from shared workspaces. These environments are outside your reach, but still part of your exposure.
Traditional tools don’t fully protect against this. But you don’t need to overhaul everything to improve it. By separating work traffic, using secure infrastructure, and giving staff the right support, you can close the gap.
It’s not about locking things down. It’s about seeing what’s really happening using this knowledge to make things safer.
A Note on Practical Solutions
If your team is thinking about how to secure this part of the network, there are simple tools out there to help. Some providers offer managed routers with secure firmware, automatic updates, and separation between work and personal use. Loxada is one of them that is designed specifically for this risk.
With regulators increasingly focused on network edge risks, particularly in healthcare, finance, and critical infrastructure, this isn’t just an IT concern it’s increasigly a compliance one too.
If you want to talk through how it might work in your organisation, we’re happy to help.
Want to dig deeper?
This blog is based on our latest whitepaper, Securing the Uncontrolled Network Edge. It includes external sources, case studies, and a practical checklist for organisations looking to address these risks.
Download the full whitepaper here for a more detailed look at the threats and the steps you can take to stay ahead.
