In March 2020, property valuation firm Hendricks & Gallagher sent its 47 Sydney staff home with instructions to log in on Monday morning. By Wednesday, three employees had clicked on phishing emails that would have been quarantined on the office network. By Friday, the IT manager had fielded 89 support tickets — triple the usual weekly load — most of them related to VPN dropouts and licensing issues with software that had never been designed for remote use. "We thought remote work was just the office, but somewhere else," says operations manager Priya Sundaram. "It turned out to be an entirely different IT problem."
Five years on, Hendricks & Gallagher operates a permanent hybrid model — two days in office for most staff, fully remote for several hires in Brisbane and Melbourne — underpinned by infrastructure that looks nothing like what existed in early 2020. The transformation took eighteen months and the guidance of managed service provider Bluerock IT Solutions. The phishing incident rate is now lower than it was in the pre-remote era. Support ticket volume is down 40 percent despite the team growing by twelve people.
Their experience crystallises a shift that IT teams across Australian businesses have navigated with varying degrees of success: remote work is not a simplified version of office work. It is a different operational model that requires deliberate architecture.
The Security Perimeter That No Longer Exists
The office network was never perfectly secure, but it had a defined perimeter. Firewalls, managed switches, and physical access controls meant that the threat surface was bounded. A distributed workforce dissolves that perimeter entirely. Each employee's home network — typically a consumer-grade router with default credentials and no centralised monitoring — becomes a potential entry point.
The Australian Signals Directorate's 2024 Cyber Threat Report noted that credential theft via home network compromise rose 34 percent year-on-year among Australian small and mid-sized enterprises, with the attack vector in a majority of cases traced to inadequately secured remote access configurations. The businesses most exposed were those that had deployed consumer VPN clients quickly during the pandemic and never revisited the architecture.
The managed service providers who do this well have moved away from traditional VPN models toward zero-trust network access frameworks, where every device is treated as untrusted regardless of location and access is granted application by application based on verified identity. For a staff member working from a Brisbane apartment, the experience feels identical to working in the office. For an attacker who has compromised their home router, the network boundary has effectively moved inside the device itself.
Device Management at Scale
Endpoint security is where distributed teams create the most concentrated risk, and also where managed services deliver the clearest operational value.
James Okafor, a senior security engineer at Melbourne MSP Sentinel Networks, describes a typical mid-sized client engagement: 60 employees, 80 devices including personal laptops used for work, three operating system versions, and no centralised visibility into patch status. "The first thing we do is a device audit," he says. "Usually around 30 percent of devices are running at least one critical unpatched vulnerability. Sometimes it's closer to half."
Modern mobile device management platforms — Microsoft Intune and Jamf are the dominant players in the Australian enterprise and mid-market respectively — allow MSPs to enforce security policies, push patches, and remotely wipe devices regardless of where they are. The operational overhead for the client is near zero. The security improvement is substantial.
Productivity Is an Infrastructure Problem
Executives often frame remote work productivity as a management or culture question. In practice, a significant portion of remote productivity loss is attributable to technical friction: slow VPN connections that make cloud applications unusable, video conferencing platforms not optimised for upload-heavy home internet connections, file sharing architectures that require full synchronisation before a document can be opened.
A 2024 survey by Gartner found that remote workers globally spent an average of 47 minutes per day waiting on or working around IT infrastructure. At an average Australian professional salary, that translates to roughly $9,000 per employee per year in lost productive time — before accounting for the frustration that correlates with elevated attrition.
The infrastructure fixes are often unglamorous: SD-WAN configurations that prioritise video and real-time collaboration traffic, split tunnelling that routes productivity applications directly to the internet rather than through a central data centre, and properly licensed Microsoft 365 or Google Workspace tenants rather than the hybrid arrangements many businesses ran through the pandemic. None of these are complicated. They require expertise, not innovation.
For Hendricks & Gallagher, the single change that generated the most visible improvement was not a security tool. It was migrating file storage from an on-premises server accessed via VPN to SharePoint Online. Average document open times dropped from 12 seconds to under two. Sundaram estimates it saved her staff collectively around 90 minutes a day. "It sounds trivial until you multiply it across 47 people, every day, indefinitely," she says.