The COVID-19 pandemic has brought a fresh wave of cyberattacks targeting remote workers, but a lack of training has resulted in the majority not taking threats seriously.

A study of remote workers by app security company Promon found that 66 percent of remote workers haven’t been given any form of cybersecurity training in the past 12 months, with 77 percent saying they aren’t worried about their cybersecurity while working from home.

Promon’s research into the attitudes towards cybersecurity comes after Ursula von der Leyen, president of the European Commission, warned on March 24 that cybercrime in the EU has increased due to the coronavirus outbreak. As the pandemic has forced many more people to work from home, attackers are capitalizing on the increased amount of time spent online by carrying out targeted COVID-19-related phishing campaigns which can result in the victim downloading ransomware (malware that encrypts files until a ransom is paid), or attackers gaining access to a victim’s computer.

Examples of such campaigns include a bogus email from HMRC containing a ‘new tax refund program set up by the Government, which, when clicked, directs to a fake webpage which harvests financial and tax information. Another example is a fake email claiming to be from the World Health Organisation, containing an attachment on new coronavirus safety measures. When opened a keylogger is downloaded, which then tracks and records every key that’s pressed on the user’s keyboard, enabling the attackers to secure passwords and other sensitive login information.

The survey also found that 61% of respondents are using personal devices when working remotely, adding an extra layer of concern as many of these are likely to be less secure than corporate-issued ones. Cybercriminals are taking advantage of decreased levels of security on personal devices connected to corporate networks, with successful attacks ringing alarm bells for employers whose sensitive corporate data is now at risk, along with individuals’ personal data, including banking information and login details. 

Promon CTO and co-founder Tom Lysemose Hansen said: “It’s concerning to find that such a large number of workers don’t have the necessary training to spot a potential cyber threat, such as a phishing email or spoofed website, as these are the main ways in which cybercriminals are executing their attacks. Organisations must ensure that staff who are working remotely are doing so in secure environments, whether that’s on personal or corporate devices, and it’s critical that they provide the necessary training and tools to ensure corporate data is protected.”