Are you tired of security procedures punctuating even the simplest of tasks? You are not alone.
Did you go for a run this morning, or last night? How about managing to eat your ‘five a day’ yesterday? Or drinking at least eight glasses of water and getting the magical eight hours of sleep? Did you do any of those? Don’t worry, I didn’t either. I know that I should, and I know that it can all add up to me living a healthier and happier life, but I’m just suffering from fatigue over it all.
We are bombarded with valid advice on an almost continual basis to the point that we just tire of it all. Health, lifestyle, how to bring up children, how to care for the elderly, the economy, where to go (or not to go) on holiday, what to look for in a partner. Google any of those and reams of advice will blind you into a state of tired submission.
And if you suffer fatigue from the barrage of lifestyle advice then quite understandably when somebody starts banging on about cyber security and all the new hoops that you have to jump through at work, just to possibly prevent some nefarious individual from taking a quick look at your Excel spreadsheet, then you might actually be suffering from security fatigue! Yes, it’s a thing!
A new study from the US-based National Institute of Standards and Technology (NIST) has found that a vast majority of the typical computer users interviewed for the study had experienced security fatigue, leading them to become weary of all aspects of computer security.
Have you suffered? If you have been prompted to change a password and then just used one you have used elsewhere, because they are all so difficult to remember – then yes, that’s it. Or how about when you make an online purchase and give up because creating a ‘new account’ is just a pain – that’s it too.
The report itself was not looking into this phenomenon, but as one of the report’s co-authors, Mary Theofanos, said, “We got this overwhelming feeling of weariness throughout all of the data. We haven’t really thought about cybersecurity expanding and what it has done to people”. It seems that when we are all tired of the relentless security procedures that punctuate our online lives, we have a natural tendency to make them simpler, thus opening ourselves up to the very threat that they are designed to protect us against.
Another symptom of security fatigue is being fatalistic about your personal or professional data, meaning that you are resigned to the idea that no matter how many passwords you have, how often you change them, or what other security controls are put in place, at some point you will become a victim of cyber-crime. Does that sound like you?
Actually, I think that sounds like most of us, if we are honest. It’s just human nature to try and find the short queue, the workaround to get you from one online place to another in the smallest number of clicks! It may look fun in a spy movie when multiple levels of authentication are needed to access some critical data, but the fun does start to wear a little thin when all you want to do is order a replacement vacuum cleaner filter! Personally, I have followed the advice of many of the learned cyber professionals I have had the pleasure of meeting, but those extra few steps to get me securely connected to the free Starbucks WiFi start to test my patience, and I am, by my own definition, a very patient chap.
But as with all issues, there is a solution – sort of. Fatigue and disconnection from a procedure can be overcome, even in cyber security. The report from NIST makes three key recommendations.
- Limit the number of security decisions users need to make.
- Make it simple for users to choose the right security action.
- Design for consistent decision making whenever possible.
They may sound obvious, but if put in place they really do make a difference. Any IT manager out there who is developing security policies and procedures would be wise to consider security fatigue when implementing necessary technical measures. Make them easy and people will use them; make them hard or tiresome and people will lose interest and become frustrated very quickly.
So if you do suffer security fatigue, don’t worry, you are not alone and it can be overcome with a few simple steps and easier security processes – if implemented. Then you will have more time to go running, eat healthily and do all those other things that we are tired of hearing about!