Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

Rough waters ahead: A phisherman’s tale

By Tyler Moffitt
computer
November 6, 2020

A third wave – feels more like a third tsunami. Many haven’t returned to the office; some may end up back in work-from-home scenarios. While workers may feel safe at home, false senses of complacency can easily mask very real cyber threats. Cybercriminals don’t pause for pandemics. With the increase in remote work, an explosion in cybercriminal activity, like phishing, has followed. Not only is phishing still prevalent, but it’s rising much like that third wave.

Seven thousand office workers in the United States, United Kingdom, Australia/New Zealand, Germany, France, Italy, and Japan were surveyed on their understanding of phishing, email, and click habits. Respondents were asked how their online lives have changed since the beginning of the COVID-19 pandemic. From there, the COVID-19 Clicks – How Phishing Capitalized on a Global Pandemic report was created, shining a timely light on perceived knowledge of phishing attacks, what makes people click on a potentially malicious link, and overall cybersecurity and cyber resilience habits.

 

BY THE NUMBERS:

  • 1 in 5 workers have received a phishing email related to COVID-19
  • 3 in 10 workers worldwide are certain they’ve clicked a phishing link in the past year. In the US, it’s 1 in 3 workers
  • 8 in 10 workers say they take steps to determine if an email message could be malicious
  • But less than 3 out of 5 workers worldwide think they know enough to keep themselves and their data safe from cyber attacks

Dr. Prashanth Rajivan, assistant professor at the University of Washington, offered his perspective on how the COVID-19 pandemic and general increase in working from home could affect individuals’ and businesses’ cybersecurity status. “Like with distracted driving, working while doing other household chores or even watching TV seems easy enough when doing mundane tasks, such as email processing,” says Rajivan. He notes this type of distraction can make people vulnerable and even less likely to notice or weigh the potential phishing message’s risks properly.

In many cases, working in home environments can potentially blur the boundaries between work life and home life. Not only are there issues of stress and mental health, but performing work tasks on improperly secured personal devices, or performing personal tasks on a work device, can present security risks for individuals and businesses alike. Three out of four people (76%) worldwide admit they use personal devices for work tasks, use work devices for personal tasks, or both, underscoring the boundary concerns mentioned previously.

Cybercrime is a crime of opportunity - which is currently abundant because of the constant connectivity work-from-home environments create. COVID-19 themed phishing lures have surged this year with some even claiming to know location of infected individuals in your city. These cybercriminals target the victims’ sense of vulnerability during a pandemic so businesses and consumers alike must prioritize cyber resilience. It is everyone’s responsibility to protect their data as they would their health.

The full report suggests companies and consumers are both falsely confident when it comes to cybersecurity. Breaking down the numbers, 95 percent of respondents worldwide recognize phishing remains a problem for businesses and households alike. More than three-quarters admitted they had opened emails from unknown senders, with over half (59 percent) blaming it on the fact that phishing emails look more realistic than ever before.

Dr. Rajivan stresses it’s critical to use what he calls a “healthy dose of suspicion” while processing emails. He explains, “Humans, by nature, have a propensity towards truth. We generally assume the communications we receive from other people are honest. By developing a healthy dose of suspicion with regard to emails, it’ll help us be more alert, and actually put our phishing knowledge into practice.”

 

Steps to take to strengthen work-from-home cybersecurity

  • Keep it separate. With so many employees working outside of traditional office settings, it can be difficult to enforce work-life boundaries. But by ensuring workers have clear distinctions between work and personal time, devices, and obligations, businesses can reduce the amount of uncertainty that can ultimately lead to phishing related breaches.
  • Know your specific risk factors. Every business has different risk factors. If in-house resources or expertise to conduct a risk audit are limited, explore security auditing services, or consult a managed service provider (MSP).
  • Over-prepare. Once a business has assessed the risks, a data breach response plan can be created that includes recovery strategies, security experts to contact, and communications plans to notify customers, staff, and the public in case of a breach, attack, etc..

“If we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize how work and personal life intertwine,” says Dr. Rajivan, Ph.D. The report distilled from worker responses that in order to properly prevent phishing, they feel their employers need to invest more heavily in training and education, in addition to vital cybersecurity tools.

The survey also showed most people are now either taking the same or more precautions to keep themselves safe online. For instance, an average of 1 in 4 people are updating their computer operating systems and software more often than they did when they did before COVID-19. While these actions exemplify steps in the right direction, there is still significant opportunity to increase these numbers and strengthen overall cyber resilience. For example, an average of 1 in 5 workers reported plans to increase investment in cybersecurity programs and tools for their individual and families’ devices.

The bottom line: knowledge and understanding are key for strong cyber resilience. Experts like Dr. Rajivan agree businesses and employees must adopt a “healthy dose of suspicion” along with appropriate training to successfully avoid falling victim to phishing scams. So, while work-from-home policies keep workers safe from COVID-19, consider investments in cybersecurity training and cyber resilient tools to ensure your company doesn’t get stuck with a virus (or worse) of a different kind.

KEYWORDS: COVID-19 cyber security remote workers

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Tyler Moffitt is Security Analyst at Webroot. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • smartphone1-900px.jpg

    A look ahead to mobile security in 2021

    See More
  • Human brain formed from connections

    Stay a step ahead with the missing link in cybercrime defense: OSINT

    See More
  • SEC0219-cyber-Feat-slide1_900px

    Prognostications of a Groundhog ̶ The Year Ahead

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing