Cybersecurity challenges brought on by COVID-19 have been covered ad-nauseum and are largely unsurprising; however, a recent survey by cybersecurity firm Malwarebytes revealed a few things that make you go 'hmmmm.' In its latest report, Enduring from Home: COVID-19’s Impact on Business Security, Malwarebytes Labs summarizes respondents’ concerns about transitioning to work-from-home, the impacts suffered due to the pandemic, and plans to implement long-term security changes moving ahead. While the increased use of personal devices for work was expected, the report notes a concerning (but not entirely surprising) 61% of respondents’ organizations did not urge employees to use antivirus solutions on their personal devices. What is actually a bit shocking, out of the 61% of respondents’ organizations who provided work-issued devices to employees as needed, 65% did not deploy a new antivirus solution for those same work-issued devices. Malwarebytes did not stop there, they also analyzed inconsistent responses for confidence and account for what they call “security hubris” among the surveyed IT and security leaders. For example, according to the report roughly three quarters of survey respondents gave their organizations a score of seven or above on preparedness for the transition to work-from-home. Yet additional responses seem to contradict that perceived readiness when 45% of the organizations did not perform security and online privacy analyses of necessary software tools for remote collaboration. Likewise, a similar percentage (44%) of organizations did not provide cybersecurity training that focused on potential threats of working from home (like ensuring home networks had strong passwords, or devices were not left within reach of non-authorized users). The report closes with some interesting points to ponder as we face continued remote working, including developing stronger remote security policies, installing a permanent work-from-home model for employees who do not need to be in the office every day, and hosting more training for remote staff. While distractions still abound and outcomes are still obscure, we have all pretty much settled into the remote working routine. Therefore, there is no better time than the present to revisit some of those cybersecurity challenges that may have been deferred for when things settled down. Download the report at Malwarebytes