No matter what side of the political fence you fall on, you are probably exhausted by now with the constant 24-hour a day news cycle bombarding us all with ads for politicians on both the local and national scale. While this is a fairly common occurrence, as we experience this feeling every few years, many people are feeling a similar weariness which has not been seen before when it comes to cybersecurity.
A new study published by the National Institute of Standards and Technology in partnership with the Institute of Electrical and Electronics Engineers has found that over 94% of people between the ages of 20 to 60 years old feel “overwhelmed and bombarded, and tired of being on constant alert, adopting safe behavior, and trying to understand the nuances of online security issues.” This exhaustion leads to many people flat out ignoring security warnings, while others tend to grow worn out by security updates and the ever-expanding grocery list of passwords which they must remember. These experiences of high levels of fatigue coupled with many of the respondents’ claims of not knowing anyone who has been attacked and being skeptical of an attack on themselves as well, leads to people throwing security and safety measures out the window, putting themselves and the companies they work for in danger of attack.
What websites can do to ease security fatigue
While many times it is recommended that users do something to combat security issues and cyber-crimes, this is exactly what is leading to their fatigue. Because of this, the study says websites and online services needed to do a better job of coordinating how they approach security to lighten the load on users. A few ways which they can achieve this are by:
- Limiting the number of security decisions users need to make
- Making it simple for users to choose the right security action
- Designing for consistent decision making whenever possible
These are some of the best ways we can combat security fatigue at the source, but one of the biggest issues raised from the study not resolved by these steps is that of password security.
Password security fatigue, solved
Many people in the study claimed that not only having to have different, intricate, and long passwords for each site was stressful, but trying to remember them all actually made them simply resort to the poor practice of using the same one for all sites. The average number of passwords per person today is 22 compared to just one not that many years ago, so it is easy to see how people can get overwhelmed when it comes to password security. The study says that you are not supposed to remember all of your passwords, however, rather you should use a computer password manager which can store everything for you and even generate new, complex passwords, saving you even more time. With this, you only need to remember one password and then you have access to all others. KeePass is just one of the many password managers out there that is free, easy-to-install, and gets the job done. By simplifying password security, we can ease the stress put on ourselves by security fatigue.
What companies can do to ease security fatigue
In addition to websites and users, companies have a significant role when it comes to easing user security fatigue. There will continuously be a new variant of ransomware, a more intricate phishing scam, or some other threat posed to companies and their employees. With all of these threats imposing themselves on employees constantly, companies need to have clear, specific guidelines to show users what to do in the event they become exhausted by implementing cybersecurity best practices. By clearly going over what to do in various situations with set ‘plans of attack’, companies can prepare their employees by instilling good cybersecurity habits in them. “If safe behavior becomes habitual, then when we feel swamped by the craziness of the online world we will at least fall back into habits that have been designed to protect us, rather than put us at greater risk,” says the reports’ co-author Mary Theofanos.
Security fatigue in America is a real thing and it is a major threat to the future of cybersecurity. By websites, companies, and users coming together to try and ease this process, hopefully, we can make the online world a little more safe and a little less overwhelming.
Hailey R. Carlson | Axiom Cyber Solutions | 10/14/2016