Nestled within Webroot’s chapter on malware in its 2020 threat report is a comparison of infection rates between business and personal devices. The finding that personal devices are about twice as likely as business devices to become infected was always significant, if not surprising.

But the advent of the novel coronavirus—a development that that followed the publication of the report—has greatly increased the importance of that stat.

According to a joint study by MIT, Stanford and the National Bureau of Economic Research (NBER), more than a third (34%) of Americans transitioned to working from home as a result of COVID-19. They join approximately 14.6% of workers already working from home to bring the total to nearly half the entire American workforce.

During remote work many employees are forced, or are simply able to use, personal devices for business-related activities. This presents unique security concerns according to Webroot threat analyst Tyler Moffitt.

“In a business setting,” he says, “when you’re given a corporate laptop it comes pre-configured based on what the IT resource considers best practices for cybersecurity. This often includes group policies, mandatory update settings, data backup, endpoint security, a VPN, etc.”

Individuals, on the other hand, have much more freedom when it comes to device security. They can choose to put off updates to browser applications like Java, Adobe and Silverlight, which often patch exploits that can push malvertising. They can opt to not install an antivirus solution or use a free version. They can ignore the importance of backing up data altogether.

These risky practices threaten small and midsize businesses (SMBs) both immediately and when workers gradually return to their shared office spaces as the virus abates.

As the Webroot report notes, “With a higher prevalence of malware and generally fewer security defenses in place, it’s easier for malware to slip into the corporate network via an employee’s personal device.”

What’s at stake, for SMBs, is the loss of mission-critical business data due to device damage, data theft via phishing and ransomware, and GDPR and CCPA fines for data breaches. Any of these threats on their own could be existential for SMBs.

What Businesses Can Do to Prevent BYOD-Enabled Data Loss

“Super small businesses may not have the luxury of outlawing all user of personal devices,” says Moffitt. “BYOD is a fact of life now, especially with so many at home using home computers.”

But employers aren’t out of luck entirely. They can still purchase for their employees, and encourage the use of, several essential security tools. These include:

Collaboration over Coercion

It’s difficult to mandate security solutions on personal devices, but managers need to at least have this conversation. Short of installing “tattleware,” this has to be a collaborative rather than a coercive effort.

“You can’t enforce a group policy on a computer or a network that you don’t own,” reminds Moffitt. “Ideally, yes, give each employee a corporate laptop to work from home that’s securely configured. But if that’s not possible, work with employees to ensure the right steps are taken to secure corporate data.”

Companies should work with IT consultants to source high-performing versions of the solutions mentioned above and cover their cost if it’s understood that personal devices should be used during this period of working from home. If taken advantage of, it can be an opportunity to foster a culture of cyber resilience.  Your organization will come out stronger–wherever your employees are located.

 This guest blog is part of a Channel Futures sponsorship.