Join our Waitlist for Expert Advice!

Data Breaches Cost $1 Million More When Remote Work Is Involved — Here Are 4 Steps to Protect Your Business. As many companies return to the office, remote work remains prevalent, introducing security risks. However, you don't need to pull everyone back into the office. I'll share how the company I work for addresses these risks and how you can safeguard yours.

By Mykola Srebniuk Edited by Kara McIntyre

Key Takeaways

  • Step 1: Categorize your company's data.
  • Step 2: Calculate the cost of a breach and create policies to prevent them.
  • Step 3: Reduce the risks of remote work by taking ownership of computer security.
  • Step 4: Encourage your remote workers to be responsible for protecting company data at home.

Opinions expressed by Entrepreneur contributors are their own.

Remote work is a double-edged sword: It provides your employees with the comforts of staying at home, but it also creates additional security risks as they are more likely to use unprotected devices and connect to unsecured public networks.

At least 20% of businesses went through a data breach caused by remote workers. As reported by IBM, the average data breach cost is $1 million higher in companies where remote work is common. It also takes 58 days longer for such organizations to discover and contain data breaches.

Related: Entrepreneurs Beware: Remote Work Can be Fertile Ground for Cybercriminals

Step 1: Categorize your company's data

Your business holds vast data, from client credit card details to employee IDs. For effective security, categorize your information. We classify ours into three: critical, restricted and confidential data.

Critical data is what, if leaked, would seriously damage the company's reputation, making a return to normal operations almost impossible. It includes user credentials, card security codes, client order history and customer behavior data. I would also add source code for software companies.

Restricted data, if leaked, could seriously threaten our business. It would undermine the company's reputation, but it'd be possible to continue operating in a limited way. Such data contains emails, locations, device info, app usage insights and many other kinds of data from our customers.

The last category, confidential data, includes the organization's trade secrets. Such leaks would harm the company's operations but would have a smaller impact on its reputation. It comprises the team members' data, company policies and procedures, recruitment process details, source code, financial statements and more.

Step 2: Calculate the cost of a breach and create policies

We all hate bureaucracy— I know that. Yet for a business to work, its members must follow certain rules (i.e. policies). To create a good cybersecurity policy for remote workers, you need accurate data. I recommend calculating the cost of potential data breaches using real money.

Be sure to take into account all types of losses. A company's data breach results in direct expenses like investigation and compensation, indirect costs from recovery efforts and lost revenue and opportunity costs due to reputational damage and lost potential business.

After calculating the costs of a data breach, design policies. Standard procedures usually include policies on how you label and share data, what security controls you must have and what training your workers must attend.

Related: How Do You Manage Cybersecurity With Employees Across the Globe? Here's Your Answer.

Step 3: Reduce the risks of remote work

First, ensure the security of your computers. Make it so your remote workers access corporate resources from corporate devices only. Have your helpdesk specialists configure all devices according to your information security standards. They'll need special administration tools for the task like JAMF.

Second, monitor the state of your corporate devices. Handle the installation of patches, security updates and the latest versions of OS and software. Use special monitoring tools like JAMF and encourage employees to keep their working stations up-to-date. Last, install an Endpoint Detection and Response (EDR) or Antivirus (AV) agent to track malicious activities on your corporate computers. An example of such a system would be CrowdStrike.

Third, control the access to corporate resources. Remote workers should only have access to resources necessary for their work. Make it so they can interact with them only with the corporate VPN turned on. I recommend also enabling IPS or IDS on the VPN to look out for network anomalies.

Don't forget about multi-factor authentication. It'll add one more layer of security to your company's data and decrease the chance of unauthorized access, and you can use ready-made MFA solutions.

Step 4: Encourage your remote workers to be responsible

Truth bomb: The actions above aren't enough to protect your business from security risks. About 60% of attacks succeed because average employees make mistakes. It's your duty to help your employees understand the importance of cybersecurity.

First, encourage them to use special apps that track whether their device is safe. They can be in the form of a security checklist, which dynamically checks various system indexes and is easy to understand.

Second, motivate workers to keep the corporate VPN turned on. You can also make their lives a lot easier by making the VPN connect automatically when the system starts up. If you don't have a business VPN, use a regular one from a trusted provider.

Last, don't forget about training. Encourage your workers to learn, but make it exciting. Monotonous video lectures won't do — add gamification and interactivity. Your company's security rests with your team; build a strong human firewall by instilling best practices and fostering vigilant behaviors.

Related: How Safe Is Your Data While Working Remotely?

Bonus step: What to do with your freelancers

The problem with freelancers is that you can neither make them work on your corporate laptops nor install special security software on their devices. You can, however, manage their access to your company's resources.

Limit their access to essential company resources, using the least privilege principle. If feasible, avoid access altogether and establish secure data-sharing protocols. Always clarify collaboration terms in contracts and NDAs detailing data access and usage. Emphasize that violations may lead to legal consequences.

Safeguarding your company in a remote work era is entirely achievable. Begin by discerning the types of data you possess and understanding the potential costs of breaches, tailoring security measures in response. Prioritize the integrity of your corporate devices and manage access to resources. Talk to your remote workers and implement the use of robust security tools like VPNs.

Mykola Srebniuk

Head Of Information Security at MacPaw Inc.

Mykola Srebniuk has more than 15 years of experience working in computer networking and cybersecurity. Srebniuk is passionate about building and deploying security solutions and processes from scratch, helping companies stay secure and avoid cyber threats.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Side Hustle

This 79-Year-Old Retiree's Side Hustle Earns $4,000 a Month: 'I Work as Much or as Little as I Desire'

Dan Weiss saw an article about a side hustle in the local newspaper — then decided to try it himself.

Starting a Business

She Started a Business With $300 After Getting Laid Off. It Made $300,000 in Year 1 and Became a Multimillion-Dollar Company.

Bobbie Racette wanted to revamp the virtual assistance space — and provide job opportunities for underrepresented communities at the same time.

Money & Finance

These 3 Money Mistakes Derailed My Financial Stability as a Latina Entrepreneur — Here's How You Can Avoid Them

These are common hurdles for Hispanic entrepreneurs, but with the right strategies, you can overcome them and achieve lasting financial stability while staying true to who you are. Here's how to avoid the three biggest mistakes that could be holding you back.

Science & Technology

These Are the 9 Dead Giveaways That AI Wrote This Story

How to spot a bot behind the content you read—everytime.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.