Addressing your security problems is serious, so it’s understandable you want to know everything about a security risk assessment before you agree to it.
When it comes to a teleworker security risk assessment, our security team has answered questions about the scope, the cost, and how it compares to a comprehensive security risk assessment.
Another frequent question we receive is what problems customers might encounter.
While there is great value in our assessment, there are also a few problems (and their solutions) you should know before deciding to sign up. These include:
- Your security adviser will only look at your network for eight hours.
- There is no penetration testing included with a teleworker risk assessment.
- A teleworker assessment isn’t comprehensive.
- You won’t know all the vulnerabilities in your network.
- Remediation efforts aren’t always free.
The good news is all of these problems are easily solved, and we’ll explain how as well.
Problem #1: A teleworker assessment only lasts eight hours
The teleworker assessment includes an eight-hour analysis of your remote worker security controls. This includes looking at four core areas of control – automated monitoring, data encryption, managed access control points, and privileged access and command control.
For most small and medium businesses, this is plenty of time for your security adviser to look at those areas and identify vulnerabilities.
After the assessment, they will create a report where they rank those vulnerabilities based on risk. Then, they’ll recommend options to reduce the risk associated with each one.
How deeply your security team will be able to look at each area of control depends on the size of your environment. Regardless, this time allows your security adviser to look over enough of your teleworker access network to identify vulnerable areas.
However, for a small portion of enterprise customers, eight hours may not be enough time to look at those four primary areas of control.
Solution: Your security adviser will take more time
While it is unlikely, if you do happen to be one of those businesses whose remote access environment needs more than eight hours of analysis, the solution is simple: Your security adviser needs more time.
They should be able to advise you on this before starting the assessment, so you won’t have any surprises.
However, it is important to note that since the security consultant is spending more time analyzing your network, the cost of the assessment will reflect this.
Problem #2: Penetration testing isn’t included
One of the highlights of a comprehensive security risk assessment is that it includes penetration testing.
This form of testing is where your security team puts themselves in the shoes of an attacker and looks for gaps and vulnerabilities that would allow a real attacker to enter your network.
This allows you to see how secure your network is and how far an attacker could get if they were to strike.
While many customers look forward to these results in a traditional security risk assessment, it is not included in a teleworker risk assessment.
Solution: Ask if it can be added
Just because this service isn’t typically included in a teleworker risk assessment doesn’t mean it can’t be added.
If you want to know the strength of your teleworker network from a (friendly) attacker’s perspective, most security advisers can accommodate the request.
This will increase the price of your teleworker assessment since it isn’t typically included.
Problem #3: A teleworker assessment isn’t comprehensive
The biggest difference between a teleworker risk assessment and an overall security risk assessment is the scope of each one.
A teleworker risk assessment only looks at security controls related to your remote workforce while a comprehensive security risk assessment looks at more than a dozen areas of your IT environment.
If you sign up for a teleworker assessment, you should know its limitations.
Solution: Choose a full security risk assessment
If you want a more comprehensive analysis of your vulnerabilities, the solution is as simple as opting for a traditional security risk assessment instead of a teleworker risk assessment.
Problem #4: A teleworker assessment won’t reduce all your risks
Since the scope of a teleworker assessment isn’t as comprehensive as a full security risk assessment, the recommendations to address your vulnerabilities aren’t either.
This means a teleworker assessment can’t help you secure your whole network.
For example, the assessment will look at the portion of your firewall related to remote access control, but not the entirety of it.
Solution: Consider a full security risk assessment
Don’t worry, though. You’ll still receive a lengthy list of things you can do regarding your remote workforce technology to improve your security posture.
If you do want the full list of everything that needs to be addressed within your IT environment, the best solution is to consider opting for a comprehensive security risk assessment instead.
Problem #5: Remediation efforts aren’t always free
The whole reason to have any portion of your IT environment analyzed is to have an idea of what actions you can take to improve your security posture.
Sometimes, these actions include upgrading hardware or licenses or implementing new technology you weren’t using before, which costs money outside of the assessment.
Solution: Ask for free options first
Not all of your vulnerabilities will require you to purchase licenses, software, or hardware.
The best security advisers will suggest ways, such as configuration changes, that can improve your security posture without additional costs.
Why should you invest in a teleworker assessment?
Even though there are a few problems businesses perceive with a teleworker security risk assessment, each one has a solution.
If you’re worried about the smaller scope of a teleworker assessment, you can talk to your security adviser about including additional elements in the teleworker assessment or opting for a comprehensive security risk assessment, and ultimately take steps to better secure your network.