Data Breaches Cost $1 Million More When Remote Work Is Involved — Here Are 4 Steps to Protect Your Business.As many companies return to the office, remote work remains prevalent, introducing security risks. However, you don't need to pull everyone back into the office. I'll share how the company I work for addresses these risks and how you can safeguard yours.

Remote work is a double-edged sword: It provides your employees with the comforts of staying at home, but it also creates additionalsecurity risksas they are more likely to use unprotected devices and connect to unsecured public networks.

At least20%of businesses went through a data breach caused by remote workers. As reported by IBM, the average data breach cost is$1 millionhigher in companies where remote work is common. It also takes58 dayslonger for such organizations to discover and contain data breaches.

Related:Entrepreneurs Beware: Remote Work Can be Fertile Ground for Cybercriminals

Step 1: Categorize your company's data

Your business holds vast data, from client credit card details to employee IDs. For effective security, categorize your information. We classify ours into three: critical, restricted and confidential data.

Critical data is what, if leaked, would seriously damage the company's reputation, making a return to normal operations almost impossible. It includes user credentials, card security codes, client order history and customer behavior data. I would also add source code for software companies.

Restricted data, if leaked, could seriously threaten our business. It would undermine the company's reputation, but it'd be possible to continue operating in a limited way. Such data contains emails, locations, device info, app usage insights and many other kinds of data from our customers.

The last category, confidential data, includes the organization's trade secrets. Such leaks would harm the company's operations but would have a smaller impact on its reputation. It comprises the team members' data, company policies and procedures, recruitment process details, source code, financial statements and more.

Step 2: Calculate the cost of a breach and create policies

We all hate bureaucracy— I know that. Yet for a business to work, its members must followcertain rules(i.e. policies). To create a good cybersecurity policy for remote workers, you need accurate data. I recommend calculating the cost of potential data breaches using real money.

Be sure to take into account all types of losses. A company's data breach results in direct expenses like investigation and compensation, indirect costs from recovery efforts and lost revenue and opportunity costs due to reputational damage and lost potential business.

计算的成本数据泄露后,德西gn policies. Standard procedures usually include policies on how you label and share data, what security controls you must have and what training your workers must attend.

Related:How Do You Manage Cybersecurity With Employees Across the Globe? Here's Your Answer.

Step 3: Reduce the risks of remote work

First, ensure the security of your computers. Make it so your remote workers access corporate resources from corporate devices only. Have your helpdesk specialists configure all devices according to your information security standards. They'll need special administration tools for the task like JAMF.

Second, monitor the state of yourcorporate devices. Handle the installation of patches, security updates and the latest versions of OS and software. Use special monitoring tools like JAMF and encourage employees to keep their working stations up-to-date. Last, install an Endpoint Detection and Response (EDR) or Antivirus (AV) agent to track malicious activities on your corporate computers. An example of such a system would be CrowdStrike.

Third, control the access to corporate resources. Remote workers should only have access to resources necessary for their work. Make it so they can interact with them only with the corporate VPN turned on. I recommend also enabling IPS or IDS on the VPN to look out for network anomalies.

Don't forget aboutmulti-factor authentication. It'll add one more layer of security to your company's data and decrease the chance of unauthorized access, and you can use ready-made MFA solutions.

步骤4:鼓励你的远程工作者s to be responsible

Truth bomb: The actions above aren't enough to protect your business from security risks. About60% of attackssucceed because average employees make mistakes. It's your duty to help your employees understand the importance of cybersecurity.

First, encourage them to use special apps that track whether their device is safe. They can be in the form of a security checklist, which dynamically checks various system indexes and is easy to understand.

Second, motivate workers to keep the corporateVPNturned on. You can also make their lives a lot easier by making the VPN connect automatically when the system starts up. If you don't have a business VPN, use a regular one from a trusted provider.

Last, don't forget about training. Encourage your workers to learn, but make it exciting. Monotonous video lectures won't do — add gamification and interactivity. Your company's security rests with your team; build a strong human firewall by instilling best practices and fostering vigilant behaviors.

Related:How Safe Is Your Data While Working Remotely?

奖金步骤:如何处理你的自由职业者

The problem withfreelancersis that you can neither make them work on your corporate laptops nor install special security software on their devices. You can, however, manage their access to your company's resources.

Limit their access to essential company resources, using the least privilege principle. If feasible, avoid access altogether and establish secure data-sharing protocols. Always clarify collaboration terms in contracts and NDAs detailing data access and usage. Emphasize that violations may lead to legal consequences.

Safeguarding your company in a remote work era is entirely achievable. Begin by discerning the types of data you possess and understanding the potential costs of breaches, tailoring security measures in response. Prioritize the integrity of your corporate devices and manage access to resources. Talk to your remote workers and implement the use of robust security tools like VPNs.