Re: Wasn't "But we had to have SMB for our internal shares on the network" the NHS problem?
"Surely a familar scenario for many remote workers?"
No - our VPN has security checks in place that won't let you connect fully until you've:
a - got the recent antivirus definitions
b - fully patched
c - had a recent scan
In the past, if you'd not logged in for more than a week it'd require you to go on site to get the updates... these days you get to update without being fully connected over vpn, so no trip required.
As a dev, I've mostly got control over the machine, but there are several group policies I don't have control over. Certain services are blocked, ports as well, and I can't disable security features like virus checker, or the software deployment software.
Being a remote worker isn't an excuse, or necessarily any riskier than on-site staff. Unsurprisingly we've not had any WannaCry infections in the multinational organisation of 10k people, with many remote workers.