There is no shortage of scary and fearful things going on in the world – a global pandemic, riots, hurricanes, “murder hornets”, “meth gators”, and of course cyber threats and crime. This constant flow of information around all these things has caused a general sense of fear and dread that needs to be addressed. While we could talk about each of these things at length, this article will focus on cyber threats.
The National Institute of Standards and Technology (NIST) came out with findings from a study that indicated that many people are experiencing what they refer to as a new “phenomenon” … Security Fatigue is the condition that happens when people are inundated with cybersecurity information that for most is incomprehensible. We say things to ourselves like, “What does another breach of a BILLION records mean to me? If it is just a matter of when and not if, why should I bother making changes? I’ll just hunker down, brace for impact, and take my chances.”
Avoiding Security Fatigue
This is a dangerous position. Hope is not a plan! Bad actors want your information and they are praying you have Security Fatigue.
It is important for an organization’s leaders to put this information into context and make it relevant to their people. Let them know why they should care. For example, knowing that there are dangers walking down a certain ally is good information. With that information, I can make informed decisions and take a different route. It is the same with cybersecurity information.
We are dealing with a human condition. People get scared of things they do not understand or know about. Cybersecurity information can be scary and confusing, but it does not have to be. Translate the threat into actionable things that real people can do in their real lives.
For example:
- Learning about another breach of data from a major organization should remind us to protect our personal data by placing a freeze on our credit and/or putting monitoring in place for the important accounts in our life.
- Hearing news about identity theft and scams that are seeking to gain access to our accounts should remind us how valuable our identity really is and to add multiple ways of verifying that you are who you say you are when connecting to your personal and professional accounts. You can do this with some easy steps, such as adding multifactor authentication (MFA) and using a password management software solution.
- Learning about phishing and spear phishing attacks should raise our awareness that not all emails are legitimate. You should make a concerted effort to verify email and text messages and avoid blindly following links or opening attachments.
- Being aware of Smarthome technology options should remind us that all internet-connected devices (the IoT) can be a threat. Small changes like modifying default administrative passwords and placing IoT devices on your Guest WiFi can add a level of protection and allow you to safely enjoy the benefits of Smart technology in your life.
It is time to help people overcome Security Fatigue! There are constant threats of cyber-attacks but being informed about cybersecurity risks and dangers helps us protect the information that is most important to us. Fear is cancerous and debilitating, but knowledge is power. Knowing information…even bad information…is a good thing. Live informed, not in fear!