Get All Access for $5/mo

Data Breaches Cost $1 Million More When Remote Work Is Involved — Here Are 4 Steps to Protect Your Business. As many companies return to the office, remote work remains prevalent, introducing security risks. However, you don't need to pull everyone back into the office. I'll share how the company I work for addresses these risks and how you can safeguard yours.

By Mykola Srebniuk Edited by Kara McIntyre

Key Takeaways

  • Step 1: Categorize your company's data.
  • Step 2: Calculate the cost of a breach and create policies to prevent them.
  • Step 3: Reduce the risks of remote work by taking ownership of computer security.
  • Step 4: Encourage your remote workers to be responsible for protecting company data at home.

Opinions expressed by Entrepreneur contributors are their own.

Remote work is a double-edged sword: It provides your employees with the comforts of staying at home, but it also creates additional security risks as they are more likely to use unprotected devices and connect to unsecured public networks.

At least 20% of businesses went through a data breach caused by remote workers. As reported by IBM, the average data breach cost is $1 million higher in companies where remote work is common. It also takes 58 days longer for such organizations to discover and contain data breaches.

Related: Entrepreneurs Beware: Remote Work Can be Fertile Ground for Cybercriminals

Step 1: Categorize your company's data

Your business holds vast data, from client credit card details to employee IDs. For effective security, categorize your information. We classify ours into three: critical, restricted and confidential data.

Critical data is what, if leaked, would seriously damage the company's reputation, making a return to normal operations almost impossible. It includes user credentials, card security codes, client order history and customer behavior data. I would also add source code for software companies.

Restricted data, if leaked, could seriously threaten our business. It would undermine the company's reputation, but it'd be possible to continue operating in a limited way. Such data contains emails, locations, device info, app usage insights and many other kinds of data from our customers.

The last category, confidential data, includes the organization's trade secrets. Such leaks would harm the company's operations but would have a smaller impact on its reputation. It comprises the team members' data, company policies and procedures, recruitment process details, source code, financial statements and more.

Step 2: Calculate the cost of a breach and create policies

We all hate bureaucracy— I know that. Yet for a business to work, its members must follow certain rules (i.e. policies). To create a good cybersecurity policy for remote workers, you need accurate data. I recommend calculating the cost of potential data breaches using real money.

Be sure to take into account all types of losses. A company's data breach results in direct expenses like investigation and compensation, indirect costs from recovery efforts and lost revenue and opportunity costs due to reputational damage and lost potential business.

After calculating the costs of a data breach, design policies. Standard procedures usually include policies on how you label and share data, what security controls you must have and what training your workers must attend.

Related: How Do You Manage Cybersecurity With Employees Across the Globe? Here's Your Answer.

Step 3: Reduce the risks of remote work

First, ensure the security of your computers. Make it so your remote workers access corporate resources from corporate devices only. Have your helpdesk specialists configure all devices according to your information security standards. They'll need special administration tools for the task like JAMF.

Second, monitor the state of your corporate devices. Handle the installation of patches, security updates and the latest versions of OS and software. Use special monitoring tools like JAMF and encourage employees to keep their working stations up-to-date. Last, install an Endpoint Detection and Response (EDR) or Antivirus (AV) agent to track malicious activities on your corporate computers. An example of such a system would be CrowdStrike.

Third, control the access to corporate resources. Remote workers should only have access to resources necessary for their work. Make it so they can interact with them only with the corporate VPN turned on. I recommend also enabling IPS or IDS on the VPN to look out for network anomalies.

Don't forget about multi-factor authentication. It'll add one more layer of security to your company's data and decrease the chance of unauthorized access, and you can use ready-made MFA solutions.

Step 4: Encourage your remote workers to be responsible

Truth bomb: The actions above aren't enough to protect your business from security risks. About 60% of attacks succeed because average employees make mistakes. It's your duty to help your employees understand the importance of cybersecurity.

First, encourage them to use special apps that track whether their device is safe. They can be in the form of a security checklist, which dynamically checks various system indexes and is easy to understand.

Second, motivate workers to keep the corporate VPN turned on. You can also make their lives a lot easier by making the VPN connect automatically when the system starts up. If you don't have a business VPN, use a regular one from a trusted provider.

Last, don't forget about training. Encourage your workers to learn, but make it exciting. Monotonous video lectures won't do — add gamification and interactivity. Your company's security rests with your team; build a strong human firewall by instilling best practices and fostering vigilant behaviors.

Related: How Safe Is Your Data While Working Remotely?

Bonus step: What to do with your freelancers

The problem with freelancers is that you can neither make them work on your corporate laptops nor install special security software on their devices. You can, however, manage their access to your company's resources.

Limit their access to essential company resources, using the least privilege principle. If feasible, avoid access altogether and establish secure data-sharing protocols. Always clarify collaboration terms in contracts and NDAs detailing data access and usage. Emphasize that violations may lead to legal consequences.

Safeguarding your company in a remote work era is entirely achievable. Begin by discerning the types of data you possess and understanding the potential costs of breaches, tailoring security measures in response. Prioritize the integrity of your corporate devices and manage access to resources. Talk to your remote workers and implement the use of robust security tools like VPNs.

Mykola Srebniuk

Head Of Information Security at MacPaw Inc.

Mykola Srebniuk has more than 15 years of experience working in computer networking and cybersecurity. Srebniuk is passionate about building and deploying security solutions and processes from scratch, helping companies stay secure and avoid cyber threats.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Side Hustle

'The Work Just Fills My Soul': She Turned Her Creative Side Hustle Into a 6-Figure 'Dream' Business

Kayla Valerio, owner of vivid hair salon Haus of Color, transformed her passion into a lucrative venture.

Marketing

6 Cost-Effective Ways to Acquire Brand Ambassadors

Boost your brand's visibility and credibility with budget-friendly strategies for acquiring brand ambassadors.

Making a Change

Mastering Resilience: Learn to Detach Mistakes from Your Self-Worth with Darrell Vesterfelt

A moment of crisis led to his partners asking him to step away from one of the businesses that he co-founded

Devices

Remove Unwanted Files from Your Work Mac Fast with This $32 Lifetime License

MacCleanse can help you safely and securely clean up your computer.

Growing a Business

This Nurse-Turned-Entrepreneur Saw the Needs of Underserved Communities Firsthand. Now, His Company Uses AI to Help Them.

Kwamane Liddell, the innovative founder behind ThriveLink, shares his entrepreneurial journey.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.