There’s a side effect to our rising awareness of (and concern over) cybersecurity. It’s called “security fatigue”, and employees the world over are beginning to show symptoms of it. According to a study from the National Institute of Standards and Technology (NIST), the majority of internet users suffer from this so-called security fatigue.
Users find themselves asking two major, and contradictory, questions: 1) if large companies with big security budgets are routinely attacked, how will I protect myself from cybercriminals? And 2) despite all the cyberattacks you hear about in the news, I personally do not know anyone who has been hacked — am I really a target for a cybercriminal? This confusion between the inevitability and probability of becoming a victim of cybercrime is resulting in a kind of nonchalance with respect to matters of security. This lack of concern, this attitude of surrendering to the notion of “whatever will be, will be” puts both users and the companies they work for at risk.
So how can we minimize security fatigue in our companies?
Use a password manager
The average internet user has more than 100 accounts associated with the same email address. Ideally, therefore, they would have 100 different passwords. Obviously, it is impossible to memorize such an enormous number of credentials. In addition, from time to time we require our employees to update their password to start the PC or access a particular software program. And what do they do? Choose the fastest and easiest option. 81% of users use the same password in different accounts and 36% reuse the password in more than 25% of their online accounts.
The solution to this problem is to set up a password manager for all employees. It is the easiest way to generate unique passwords for each account that have a high level of security. With it, employees will only need to remember one password, instead of one hundred.
Update, update, update
We can’t stress this enough.
Limit the number of security decisions your employees have to make. If the security team keeps systems and devices up to date, implements patches, and automatically downloads the latest malware databases, unnecessary risks will be avoided. This should be a mandatory practice, ensuring that employees have safe working tools and will not have to worry about supplementary tasks, nor receive constant alerts to update programs.
Use advanced cybersecurity measures
Employees are overexposed to security alerts, a situation that ultimately ends up becoming a little bit like the boy who cried wolf. Pages reminding them that their passwords are insecure, antiviruses that warn of the dangers of accessing a particular web page or downloading a certain file … The constant repetition of these warnings contributes to a feeling that nothing is safe anymore, so why bother? In the work environment, we can reduce that level of insecurity using tools that block an attack before it even occurs. Advanced cybersecurity solutions monitor the organization’s systems in real-time, detecting and stopping any suspicious behavior that could be harmful. Preventing the attack before it occurs will take some of the stress off of the employee and, in turn, reduce the security fatigue that is increasingly prevalent in our modern times.