Get All Access for $5/mo

Data Breaches Cost $1 Million More When Remote Work Is Involved — Here Are 4 Steps to Protect Your Business. As many companies return to the office, remote work remains prevalent, introducing security risks. However, you don't need to pull everyone back into the office. I'll share how the company I work for addresses these risks and how you can safeguard yours.

By Mykola Srebniuk Edited by Kara McIntyre

Key Takeaways

  • Step 1: Categorize your company's data.
  • Step 2: Calculate the cost of a breach and create policies to prevent them.
  • Step 3: Reduce the risks of remote work by taking ownership of computer security.
  • Step 4: Encourage your remote workers to be responsible for protecting company data at home.

Opinions expressed by Entrepreneur contributors are their own.

Remote work is a double-edged sword: It provides your employees with the comforts of staying at home, but it also creates additional security risks as they are more likely to use unprotected devices and connect to unsecured public networks.

At least 20% of businesses went through a data breach caused by remote workers. As reported by IBM, the average data breach cost is $1 million higher in companies where remote work is common. It also takes 58 days longer for such organizations to discover and contain data breaches.

Related: Entrepreneurs Beware: Remote Work Can be Fertile Ground for Cybercriminals

Step 1: Categorize your company's data

Your business holds vast data, from client credit card details to employee IDs. For effective security, categorize your information. We classify ours into three: critical, restricted and confidential data.

Critical data is what, if leaked, would seriously damage the company's reputation, making a return to normal operations almost impossible. It includes user credentials, card security codes, client order history and customer behavior data. I would also add source code for software companies.

Restricted data, if leaked, could seriously threaten our business. It would undermine the company's reputation, but it'd be possible to continue operating in a limited way. Such data contains emails, locations, device info, app usage insights and many other kinds of data from our customers.

The last category, confidential data, includes the organization's trade secrets. Such leaks would harm the company's operations but would have a smaller impact on its reputation. It comprises the team members' data, company policies and procedures, recruitment process details, source code, financial statements and more.

Step 2: Calculate the cost of a breach and create policies

We all hate bureaucracy— I know that. Yet for a business to work, its members must follow certain rules (i.e. policies). To create a good cybersecurity policy for remote workers, you need accurate data. I recommend calculating the cost of potential data breaches using real money.

Be sure to take into account all types of losses. A company's data breach results in direct expenses like investigation and compensation, indirect costs from recovery efforts and lost revenue and opportunity costs due to reputational damage and lost potential business.

After calculating the costs of a data breach, design policies. Standard procedures usually include policies on how you label and share data, what security controls you must have and what training your workers must attend.

Related: How Do You Manage Cybersecurity With Employees Across the Globe? Here's Your Answer.

Step 3: Reduce the risks of remote work

First, ensure the security of your computers. Make it so your remote workers access corporate resources from corporate devices only. Have your helpdesk specialists configure all devices according to your information security standards. They'll need special administration tools for the task like JAMF.

Second, monitor the state of your corporate devices. Handle the installation of patches, security updates and the latest versions of OS and software. Use special monitoring tools like JAMF and encourage employees to keep their working stations up-to-date. Last, install an Endpoint Detection and Response (EDR) or Antivirus (AV) agent to track malicious activities on your corporate computers. An example of such a system would be CrowdStrike.

Third, control the access to corporate resources. Remote workers should only have access to resources necessary for their work. Make it so they can interact with them only with the corporate VPN turned on. I recommend also enabling IPS or IDS on the VPN to look out for network anomalies.

Don't forget about multi-factor authentication. It'll add one more layer of security to your company's data and decrease the chance of unauthorized access, and you can use ready-made MFA solutions.

Step 4: Encourage your remote workers to be responsible

Truth bomb: The actions above aren't enough to protect your business from security risks. About 60% of attacks succeed because average employees make mistakes. It's your duty to help your employees understand the importance of cybersecurity.

First, encourage them to use special apps that track whether their device is safe. They can be in the form of a security checklist, which dynamically checks various system indexes and is easy to understand.

Second, motivate workers to keep the corporate VPN turned on. You can also make their lives a lot easier by making the VPN connect automatically when the system starts up. If you don't have a business VPN, use a regular one from a trusted provider.

Last, don't forget about training. Encourage your workers to learn, but make it exciting. Monotonous video lectures won't do — add gamification and interactivity. Your company's security rests with your team; build a strong human firewall by instilling best practices and fostering vigilant behaviors.

Related: How Safe Is Your Data While Working Remotely?

Bonus step: What to do with your freelancers

The problem with freelancers is that you can neither make them work on your corporate laptops nor install special security software on their devices. You can, however, manage their access to your company's resources.

Limit their access to essential company resources, using the least privilege principle. If feasible, avoid access altogether and establish secure data-sharing protocols. Always clarify collaboration terms in contracts and NDAs detailing data access and usage. Emphasize that violations may lead to legal consequences.

Safeguarding your company in a remote work era is entirely achievable. Begin by discerning the types of data you possess and understanding the potential costs of breaches, tailoring security measures in response. Prioritize the integrity of your corporate devices and manage access to resources. Talk to your remote workers and implement the use of robust security tools like VPNs.

Mykola Srebniuk

Head Of Information Security at MacPaw Inc.

Mykola Srebniuk has more than 15 years of experience working in computer networking and cybersecurity. Srebniuk is passionate about building and deploying security solutions and processes from scratch, helping companies stay secure and avoid cyber threats.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Leadership

Visionaries or Vague Promises? Why Companies Fail Without Leaders Who See Beyond the Bottom Line

Visionary leaders turn bold ideas into lasting impact by building resilience, clarity and future-ready teams.

Marketing

5 Critical Mistakes to Avoid When Giving a Presentation

Are you tired of enduring dull presentations? Over the years, I have compiled a list of common presentation mistakes and how to avoid them. Here are my top five tips.

Science & Technology

Why Businesses Are Relying on Automation to Survive the Labor Crisis

Robots are revolutionizing industries by addressing labor shortages and enhancing efficiency, while businesses navigate challenges like workforce adaptation and high implementation costs.

Green Entrepreneur®

How Global Business Leaders Can Build a Sustainable Supply Chain

Businesses can build sustainable supply chains by leveraging technology to reduce environmental impact, optimize resources and track emissions while balancing operational efficiency and sustainability goals.

Productivity

6 Habits That Help Successful People Maximize Their Time

There aren't enough hours in the day, but these tips will make them feel slightly more productive.

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.