Evaluating How SMBs Mitigate Risk in a Remote Workforce


Over the last year, many small and midsize businesses (SMBs) have been pushed out of the safe and secure confines of working in one geographical location. This new normal has put business owners at a higher risk of cyberattacks. This risk is further aggravated by small business owner's failure to implement cybersecurity precautions and revise remote work policies. A Nationwide survey reveals that only 4% of business owners have all the US Small Business Administration best cybersecurity practices and recommendations in place.

Cybersecurity in a remote or hybrid work environment is paramount for daily operations. This especially applies to SMBs, which are very vulnerable to cyberattacks, considering a high percentage of them are unprepared. Thus, cyberattacks on SMBs present criminals with low risk and high reward opportunities. According to Purplesec's 2021 list of cybersecurity statistics, 43% of all cyberattacks in 2019 involved small businesses.

Remote Risk Mitigation: What Your Business Need to Know

SMBs have a lot to lose when they encounter cyberattacks. Looking at the numbers—1 in 4 customers won't shop at companies after a data breach, and as a result, 60% of small businesses will permanently close after a breach. The potential productivity, reputation, and data losses are worrisome for many. Further, there is an average of $690,000 in recovery costs that the fortunate 40% that won’t close after a breach are left to mitigate.

Below are some of the common remote working business risks facing SMBs.

  • Cyber risks: These are external risks that often include ransomware, phishing schemes, and botnets.

  • Infrastructure risks: These result from improper securing of technologies, like IoT devices, server environments, and cloud services.

  • Data risks: Most common among SMBs that handle outsourced confidential data for large organizations.

  • Operational risks: Involve financial, productivity, and reputational losses as a result of security breaches.

  • Human capital risks: These are a result of inadequate cybersecurity education and training among company employees.

Cybersecurity Risks Associated with A Remote Work In 2021

There are multiple ways your remote workers could be putting your company's data at risk.

Here four of the top cybersecurity risks associated with remote employees.

1. Insecure Home Wifi

While many employers remember to secure their employee's devices, many more do not remember to do the same with the workers home wifi connection. This is a significant threat because the workers themselves often forget to update their home router software. Simultaneously, many home wifi routers lack a firewall, making the connection vulnerable to security threats over time.

2. Working from Personal Devices

Without proper guidelines in place, many employees find themselves mixing business with pleasure. Such that they use their personal and professional devices interchangeably when working remotely. Unknowingly, they open security gaps for hackers to access sensitive data because personal devices are not encrypted to protect company data like work devices.

3. Passwords

Certain password practices make your company susceptible to dreadful cyberattacks. These practices include having weak passwords and sharing a password across different computers. Good password management practices will mitigate the risk of cyberattacks in a remote environment.

4. Phishing Schemes

Remote working has made it easier for criminals to trick employees into providing valuable login details and credentials. Phishing scams are now more sophisticated and authentic-looking, while many employees remain untrained and isolated, making them more likely to fall prey to these threats. Most phishing attacks are sent via email and disguised to look official so that they can bypass an employee's email filter and appear straight in their inbox.

In fact, 71% of IT professionals indicated an employee at their organization had succumbed to a social engineering attack since the pandemic began according to a recent report from Electric.

Are SMBs Making Changes to Their Remote Risk Mitigation Strategy?

The recent Electric 2021 Cybersecurity Research Report also reveals that 34% of SMBs have made substantial changes to their security strategy because more employees work remotely due to the pandemic. 62% have made some changes, while only 4% have made no changes to their security strategy.

On further investigation, Electric also found that the most common modifications to employee risk mitigation made by companies include the following:

  • 55% Shared a guide on cybersecurity and working from home.

  • 44% Installed the latest patches before people started working from home.

  • 39% Implemented multi-factor authentication.

  • 30 % Started providing additional IT support from home.

  • 28% Provided VPN for employees.

  • 26% Implemented pre-approved applications for collaboration and calls.

  • 23 % Enforced using only company devices for work purposes.

  • 23% Implemented application control and content filtering.

  • 19% Implemented a zero trust policy.

  • 13% Provided modems to employees.

  • 10% Altered alert levels in endpoint detection and response solution.

IT Pros Weigh In On Cyber Remote Employee Security Risk Mitigation

We asked some of our IT Pro Community members what they thought about the above changes organizations are making to their security strategy.

“Policy development, adherence, and training are the most effective measures — not just sharing a guide, but actual training,” said Kenneth Bice, founder of Certified Bice Ltd. on sharing a guide taking the top spot as the most common change implemented among the survey respondents.

Brandon Haller of Rolling Plains Construction offers the following guidance for SMBs, “In today’s cyberworld, every organization should have the following established:

  • MDM (mobile device management)

  • RMM (remote monitoring and management)

  • Antivirus

  • Email security (such as DMARC, DKIM, SPF, ATP)

  • MFA (multi-factor authentication)

  • Encrypted VPNs (virtual private networks)

  • Off-premise & cloud backups

  • Zero-day threat protection

  • Cyber insurance

  • Protected BYOD devices”

As far as devices go, he continued, “If it accesses work material, it needs to be protected and secured with the ability to manage from a distance in the event of a threat. This is especially important when allowing devices to be used regularly at home or on the move often.”

Remote Employees Risk Mitigation Techniques

Post-pandemic, many organizations are looking to adopt a hybrid workforce model where employees work from home and the office interchangeably. Therefore, for the transition to be smooth and effective, employers must address critical security concerns to mitigate the risk posed by a remote workforce.

Here are some risk mitigation techniques companies can use to secure their remote workforce.

Employee Training

Companies must update their risk mitigation policy and strategy documentation to fit their new reality. The update must include employee training to increase the worker's ability to recognize and report cyber threats and attacks. Regular virtual and in-person training creates increased awareness and builds a strong security culture in a remote or hybrid workforce.

Additional Remote IT Support

With widely dispersed workforces, there's a need to have clear IT communication channels that diagnose, confront, and resolve technical issues fast and easy. Remote IT support ensures all tech issues are resolved using the best IT practices while ensuring an organization's data and networks remain uncompromised.

Proper Handling of Employee Departures

Organizations should plan and strategize how to handle employee resignations, layoffs, and terminations when working away from the office. This involves cutting access to the company's network and data, retrieving company data or authorizing its lawful disposal, and demanding the return of company devices. Otherwise, they put the company at risk of accidental or malicious insider threats.

For a deeper overview of cybersecurity tactics specifically, check out the list of best practices we’ve compiled.

Don’t Let Your SMB Remain Unprepared

It is clear that SMBs' unpreparedness makes it easy for cybercriminals to access their valuable data and information and more challenging for businesses to gather resources to track down the criminals.

Thus, these companies must consider the consequences associated with successful cyberattacks. Additionally, they should train and educate their employees on cybersecurity plus implement measures to evaluate, protect, diagnose, respond, and recover from security threats and attacks.

As the world continues to navigate the complexities of remote and hybrid workforces, Electric is here to support your organization. Electric can keep your business moving with Electric's chat-based, lightning-fast IT support. Send us your requests and we'll handle the rest, so you can get back to work.

Stay up to date

Subscribe to the blog to stay up to date with all the latest industry news and updates from Electric.