There is no shortage of scary and fearful things going on in the world around cyber threats and crime. This constant flow of information around cyber threats and dangers has caused a general sense of fear and dread that needs to be addressed.
The National Institute of Standards and Technology (NIST) came out with findings from a study that indicated that many people are experiencing what they refer to as a new "phenomenon" …Security Fatigue. This is the condition that happens when people are inundated with cybersecurity information that for most is incomprehensible. What does another breach of a BILLION records actually mean to me? If it's just a matter of when and not if, why should I bother making changes? I'll just hunker down, brace for impact, and take my chances. Security Fatigue!
This is a dangerous position. Hope is not a plan! If someone wants your information, they are praying you have Security Fatigue.
It is important for an organization’s leaders to put this information into context and make it relevant to their people. Let them know why they should care. For example, knowing that there are dangers walking down a certain ally is good information. With that information, I can make informed decisions and take a different route. It's the same with cybersecurity information.
We are dealing with a human condition. People get scared of things they do not understand or know about. Cybersecurity information can be scary and confusing, but it doesn't have to be. Translate the threat into actionable things that real people can do in their real lives.
- Learning about another breach of data from a major organization should remind us to protect our personal data by placing a freeze on our credit and/or putting monitoring in place for the important accounts in our life.
- Hearing news about identity theft should remind us how valuable our identity really is and to add multiple ways of verifying that you are who you say you are when connecting to your personal and professional accounts. You can do this with some easy steps, such as adding multifactor authentication and using a password management software solution.
- Learning about phishing and spear phishing attacks should raise our awareness that not all emails are legitimate. You should make a concerted effort to verify email messages and avoid blindly following links or opening attachments.
- Being aware of Smart home technology options should remind us that all internet-connected devices (the IoT) can be a threat. Small changes like modifying default administrative passwords can add a level of protection and allow you to safely enjoy the benefits of Smart technology in your life.
It is time to help people overcome Security Fatigue! There are constant threats of cyber attacks, but being informed about cybersecurity risks and dangers helps us protect the information that is most important to us. Fear is cancerous and debilitating, but knowledge is power. Knowing information…even bad information…is a good thing. Live informed, not in fear!