Companies have a lot to consider when supporting a remote workforce.
They need to make sure they have the right technology for their employees to continue accessing on-premises files, holding meetings, and performing their job functions.
They also need to make sure their employees are doing this securely.
Every remote employee who telecommutes is a chance for attackers to infiltrate your network.
At The KR Group, our security team has started offering teleworker security assessments to specifically look at the strengths and weaknesses of companies’ remote workforce security.
What’s included in a teleworker security assessment?
A teleworker risk assessment includes analyzing four areas of control:
- Automated monitoring of security controls
- Protection of confidentiality and integrity through encryption
- Managed access control points
- Privileged access and command control
These tenets of remote workforce security follow the National Institute of Standards and Technology’s (NIST) best practices. They also provide a solid foundation of ways you can strengthen your remote workforce security.
The usefulness of a teleworker assessment might be apparent, but for many customers, the most important question is how much it will cost.
To understand how much you’ll spend on a teleworker security assessment, we can break the price down into the following areas:
- The base price
- Factors that increase the cost
- The cost to address vulnerabilities
While the cost of a teleworker assessment is the same for all businesses, the total price, including any additional assessments and risk reduction measures, depends on each company’s needs.
The best way to know the exact total price is to speak with an IT security adviser.
All teleworker security assessments start with the same base price
The base price covers security advisers spending eight hours to deeply analyze the strengths and weaknesses of your remote IT environment.
During this time, they’ll go above and beyond looking at password policies and antivirus implementation. Specifically, your security consultant is looking at those four components we mentioned earlier — automated monitoring of security controls, protection of confidentiality and integrity through encryption, managed access control points, and privileged access and command control.
(For a more detailed explanation of what these four areas of control offer beyond password protection and antivirus, check out our article, “4 Vulnerabilities a Teleworker Security Assessment Reveals.”)
The goal of a teleworker security assessment is for the security team to dig as deep as they can into your remote workforce security measures over one workday.
This looks different depending on the size of your IT environment.
With a small, straightforward environment, eight hours will give your security team time to dig deep into each of the components of a teleworker assessment. A larger environment, on the other hand, will have more to assess, so advisers might not be able to dig as deep.
Regardless of the size of your IT environment, eight hours provides ample time for your security adviser to look at your teleworker security.
The base price covers more than just the assessment, though.
Along with the time spent analyzing your teleworker security, the base price also covers the time your security adviser will need to accumulate data and create a report to guide you on addressing your vulnerabilities.
The base price of a teleworker assessment is $1,800. This is what most customers pay, but we’ll discuss next how your price could increase.
Factors that increase the cost of a teleworker assessment
Unlike an all-encompassing security risk assessment, a teleworker assessment only looks at remote access infrastructure, hardware, and software your teleworkers are using.
The good news is most security advisers are willing to be flexible with their assessments and can include other areas of assessment, but it will increase your cost.
For example, if you want to add penetration testing, which isn’t typically included in a teleworker assessment, most security advisers can accommodate the request. It will impact the cost, though.
You can also discuss adding other components of a traditional security risk assessment to accompany your teleworker assessment.
However, anything outside the scope of a teleworker assessment will cost you for any time and material your security adviser uses.
The cost to reduce your vulnerabilities
Every teleworker assessment includes a report which outlines your vulnerabilities, how severe each risk is, as well as ways to address them.
This helps you prioritize risk-reducing actions by the level of threat each problem presents your business.
While this report is included in the cost of a teleworker assessment, the hardware, software, and labor to address the issues are not.
When possible, your security adviser should recommend risk reduction efforts using configuration policies or leveraging your existing cybersecurity software. These changes should have a minimal cost.
If new software or hardware is required to address security gaps in your remote workforce, a good security adviser won’t recommend specific products to address your security needs.
For example, they might recommend replacing your antivirus with next-generation antivirus, but they won’t tell which brand you should choose unless you specifically ask.
That doesn’t mean you shouldn’t anticipate these costs, though. Regardless of what manufacturer you go with to address your needs, you’ll need to spend money to reduce your risks.
Scheduling a teleworker assessment
There is always value in an IT security risk assessment, but since a remote workforce makes you more vulnerable, it is especially important to invest in securing your network with teleworkers.
If you’re contemplating a security risk assessment, the good news is the cost is fairly straightforward.
You can always anticipate the $1,800 base price in exchange for eight hours your security adviser dedicates to analyzing your remote workforce cybersecurity.
After that, the cost will fluctuate depending on if you want your security adviser to analyze additional areas of your IT environment and how much you’ll need to spend to get your security up to snuff.
In the end, a teleworker assessment costs less than cleaning up from a breach or attack. The average malware infection costs at least $3,000 a day to resolve, but that figure increases every year by around 10%.
If a teleworker assessment is something you think your business could benefit from, reach out to us to set up an appointment. This meeting will also allow you a chance to see exactly what the assessment report will look like and ask questions.