Gartner Research

How to Stop COVID-19 (Coronavirus) Phishing Emails From Infecting Your Enterprise Network

Published: 02 April 2020


Cybercriminals are ramping up phishing attacks masquerading as government and health agencies in light of the COVID-19 coronavirus pandemic. Security and risk management leaders need to build a culture of security awareness among employees to protect enterprise networks from these threats.

As the COVID-19 coronavirus pandemic gains momentum, hackers and scammers are using the outbreak to prey on unsuspecting and vulnerable users through fake coronavirus-themed emails. These phishing emails are designed to trick employees into opening attachments that supposedly contain health precautions for combating the spread of the virus. Instead, these attachments download malicious software onto end-user systems, potentially compromising entire networks. Security and risk management leaders should ensure that employees at all levels are aware of this new threat vector and treat unsolicited emails containing information on the coronavirus with suspicion. This is particularly true at a time when employees are working from home, with limited resources readily available to them.

Phishing attacks infamously pose as emails from the U.S. Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO) or other national health agencies to exude a sense of authority. In response, the WHO and CDC have issued warnings regarding a surge in phishing attempts masquerading under their banner.
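The impersonation pattern described above (a display name or subject line claiming to be the WHO or CDC while the message originates from an unrelated domain, often paired with an executable-type attachment) can be triaged mechanically before a message reaches an employee. The following is an added example written for this page, not code from Gartner or from any agency or product it mentions; the map of agency names to legitimate sending domains and the list of risky attachment extensions are assumptions chosen for illustration, and the sample messages are constructed inline rather than captured from a real campaign.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Agencies the article says are impersonated, mapped to the domains they really send from.
# The domain map is an assumption made for this example, not something the article states.
AGENCY_DOMAINS = {
    "cdc": {"cdc.gov"},
    "centers for disease control": {"cdc.gov"},
    "who": {"who.int"},
    "world health organization": {"who.int"},
}

# Attachment types that commonly carry droppers; an illustrative list, not an exhaustive one.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm",
                    ".zip", ".iso", ".lnk"}


def sender_parts(from_header):
    """Split a From header into (lower-cased display name, lower-cased domain)."""
    display, addr = parseaddr(from_header or "")
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return display.lower(), domain


def domain_allowed(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def claimed_agencies(*texts):
    """Agency names mentioned as whole words in any of the given strings."""
    found = []
    for name in AGENCY_DOMAINS:
        pattern = rf"\b{re.escape(name)}\b"
        if any(re.search(pattern, t) for t in texts):
            found.append(name)
    return found


def triage(raw_message):
    """Return the reasons a message looks like an agency-impersonation phish ([] if none)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []

    display, domain = sender_parts(msg["From"])
    subject = (msg["Subject"] or "").lower()
    for name in claimed_agencies(display, subject):
        if not domain_allowed(domain, AGENCY_DOMAINS[name]):
            reasons.append(f"claims to be {name!r} but sender domain is {domain!r}")

    # iter_attachments() skips the body part(s) and yields the attachment parts.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        ext = "." + filename.rsplit(".", 1)[-1] if "." in filename else ""
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"risky attachment {filename!r}")
    return reasons


def build_sample(from_header, subject, attachment_name=None):
    """Construct a sample message for this example (test data, not a real capture)."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "employee@example.com"
    m["Subject"] = subject
    m.set_content("Please review the attached precautions.")
    if attachment_name:
        m.add_attachment(b"MZ\x90\x00 placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()


if __name__ == "__main__":
    samples = [
        build_sample('"CDC" <noreply@cdc.gov>', "COVID-19 update"),
        build_sample('"World Health Organization" <alerts@who-int.example.com>',
                     "COVID-19 precautions", "precautions.docm"),
        build_sample('"Health Desk" <info@example.org>', "WHO guidance on COVID-19"),
    ]
    for raw in samples:
        print(triage(raw) or "no findings")
```

The check is deliberately narrow: it does not claim to detect phishing in general, only the specific mismatch between who a message says it is from and where it actually came from, which is the hook these campaigns rely on. In a mail gateway this would sit alongside SPF/DKIM/DMARC evaluation rather than replace it, since the authenticated sending domain, not the display name, is what the agency map should be compared against.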

In the U.S., the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has issued tips to defend against coronavirus cyber scams. In Europe, the European Central Bank has released a letter warning financial institutions about increases in phishing and other related cybercrimes. However, these warnings often go unnoticed until it’s too late, such as the cyberattack on the U.S. Health and Human Services Department. Security and risk management leaders must invest in employee awareness and share these official updates with the workforce to drive secure behavior.

As cybercriminals, including advanced persistent threats (APTs) and nation-state actors, exploit the latest global events to compromise organizational networks, security and risk management leaders should leverage end-user support to fight this menace. The following tactics can ensure that employees support the information security function in maintaining enterprise security.

Empower Employees to Act as Controls

Instead of viewing employee actions as risks that must be mitigated, information security can benefit from treating employees as security controls in their own right. It is insufficient to just have employees stop doing things insecurely; employees must also proactively help information security detect unusual activities.

Information security should engage employees in tracking their own behaviors — they have the context to more quickly understand if something is truly suspicious. This ability should be leveraged to promote secure behavior among employees. Information security should provide clear and simple activity records for review so that employees can easily take responsibility for actions on their own accounts. Employees become more invested in the security of their actions when they are provided the tools to do so. To successfully recruit employees for such a venture, information security must build trust with employees and proactively respond to their feedback.

Build and Measure a Security Mindset Among Employees

Security and risk management leaders must create a culture of security by increasing understanding of the importance of secure behaviors and by measuring whether those behaviors take hold. To achieve this, the information security function should define key secure behaviors that collectively encourage secure action and a sense of ownership in the face of known and unknown risks. The information security function should also find the right metrics to assess employees' security mindset. Metrics that measure a shift in employee behavior are a good indicator of whether information security's efforts to improve the security culture are succeeding.

Recommended by the Authors

Awareness programs mock-phish employees to educate them to recognize, report, and resist phishing and spearphishing attacks.

The information security lead can use this customizable presentation template to create cybersecurity awareness training on social engineering.

Security and risk management leaders can use positive and negative motivation (rewards and consequences) to urge staff to complete training and adhere to policies.


Information Risk Research Team


©2022 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.