Many employees would go on to provide hackers with their credentials: Survey
While a lot of employees are still working from home to stay safe amid the COVID-19 pandemic, many are in danger of falling prey to cybercriminals.
Nearly 20 per cent of Canadian employees are still quick to click on phishing email links – significantly more than the 11 per cent posted in 2019, according to a survey from Terranova Security.
Even worse, 67 per cent of these workers would go on to provide a hacker their credentials, according to the Phishing Benchmark Global Report.
“This year’s report illustrates the growing need for security awareness training initiatives that utilize real-world phishing simulations as a practical educational tool,” says Lise Lapointe, Terranova Security CEO and author of the report.
“Organizations must take these phishing benchmarking results seriously and take the necessary steps to ensure every user has the knowledge needed to safeguard against the latest and most complex cyber threats.”
More than one-third (36 per cent) of business executives believe that cybersecurity threats have increased with so many employees working from home, according to a survey earlier this year.
More than one in 10 workers overall (13.4 per cent) are submitting their login credentials, up from just two per cent last year, the survey finds.
Public sector and transport workers are the most susceptible to this trend, with a click rate of 28.4 per cent and submission rate of 24.7 per cent. Meanwhile, workers in the education and finance & insurance sectors performed considerably better than others, with rates of 11.3 per cent and 14.2 per cent, respectively.
And attacks on web applications rose by 800 per cent in the first six months of 2020, according to a report released last month.
Security steps
There are several key steps employers should take to reduce the risk to organizations and employees, says KPMG:
- Raise awareness among your team, warning them of the heightened risk of coronavirus-themed phishing attacks.
- Share definitive sources of advice on how to stay safe and provide regular communications on the approach your organization is taking to the coronavirus pandemic.
- Make sure you set up strong passwords, and preferably two-factor authentication, for all remote access accounts, particularly for Office 365 access.
- Provide remote workers with straightforward guidance on how to use remote working solutions, including how to make sure they remain secure and tips on how to identify potential phishing attacks.
- Ensure that all provided laptops have up-to-date anti-virus and firewall software.
- Run a helpline or online chat line that they can easily access for advice, or to report any security concerns, including potential phishing.
- Encrypt data at rest on laptops used for remote working, given the risk of theft.
- Disable USB drives to avoid the risk of malware, offering employees an alternate way of transferring data such as a collaboration tool.