“Penetration testing (or “pen testing”) must account for remote workers. To be effective, it must probe everywhere corporate traffic goes, but as we have just seen, this may now include personal machines and third-party equipment.