If we could get a dollar every time we hear the word “hacked”, we wouldn’t be here writing this blog, but probably somewhere in the Maldives, thousands of miles away from this keyboard.
It all started with the Big Yahoo Hack of 2013, the biggest data breach of the 21st century, which compromised over 3 billion user accounts in a one-year period. The Yahoo data breach went down in history for its scale, the extensive TV coverage, and for reminding people all over the world of the existence of old email addresses created during their teenage years and abandoned later in adulthood.
Then, plenty more breaches followed: Adobe, eBay, Dropbox, and, more recently, British Airways and Facebook. These days, a week rarely goes by without a major data breach making the news. And, unfortunately, people are bored of it.
The overload of security warnings mixed with the tech jargon that comes with it means that people are becoming victims of cybersecurity fatigue. As a result, people are getting overwhelmed and desensitized to IT security, and by doing so they are at an even greater risk of lowering their guard and falling for the latest security threat.
But what can be done to fight cybersecurity fatigue?
A recent study conducted by the National Institute of Standards and Technology (NIST) found that a majority of the people they interviewed reported some form of cybersecurity fatigue, which was getting in the way of safe computer behavior, both at home and in a working environment.
The research started as a qualitative study about the perception computer users have of cybersecurity and online privacy. While the researchers were not looking specifically for fatigue-related problems, these spontaneously emerged from the interviews as issues experienced by more than half of the participants.
One of the drivers of the feeling of fatigue was reported to be the struggle to remember an increasing number of PINs and passwords. The older generations are the ones most affected by this problem, as years ago one or two passwords were enough to restrict access to sensitive data at work or at home.
These days, users have on average 23 personal password-protected accounts to keep up with, and 31% of them only use two or three passwords across the board, a practice that weakens the security process dramatically. And hackers are making the most of it.
It’s becoming clear that the omnipresence of threats means that “keeping an eye out” alone is no longer enough. And here’s how users can overcome the most common fatigue-related problems:
Make your life (and your authentication) easier
If having way too many passwords to remember triggers the feeling of fatigue, the first step to overcome this issue should be making them easier to recall.
And by this, we don’t mean that you should pick the name of your Miniature Dachshund as the password to access your bank account, nor that you should write them all down in your favourite notepad to make sure you don’t forget them.
What you should do, instead, is to get yourself a password manager. With a password manager, you can safely create and store random, unique passwords featuring a combination of letters, digits, and special characters.
Password management tools can normally be accessed with one "master" password that unlocks all of the credentials stored in the database, so instead of trying to remember two dozen mediocre passwords, you can get away with keeping in mind a single, strong one, as in the good old, more cyber-secure, times.
Keep yourself informed, but avoid information overload
We are all about cybersecurity awareness – in fact, we have written a number of blog posts about it. But it’s also true that information overload can do more damage than good, as it might make people feel tired, burned out, or overwhelmed.
So here’s what we suggest: make a compromise. Allow yourself the time to read a good article or news story on the subject once or twice a week, to ensure you know enough about what’s going on in the cybersecurity world to avoid falling for the latest scam. But it’s perfectly fine, every once in a while, to tune these news stories out and give yourself a break (unless you are a CISO, or a cybersecurity expert. In that case it’s called a holiday). You will find that keeping up with a smaller selection of high quality information from reputable sources will work out better in the long run and will not make you want to scream every time a TV reporter utters the words “high-profile data breach”.
Enable automatic virus scan
If the option is not already enabled by default, you’ll want to schedule regular and automatic virus scans on your devices. Most reputable antivirus applications will also allow you to enable automatic software updates, to ensure you’re always protected against the latest malware. You can decide to schedule different levels of virus scans on a regular basis (say daily, weekly, or monthly) at the time that is most convenient for you. Knowing that your antivirus software will do some of the hard work for you is a good way to provide some peace of mind.
Similarly, it might be worth scheduling automatic data backups, so if anything happens to your device or anyone gains access to it, a copy of all your valuable files will be stored safely.
Once and for all, let go of your old accounts
You know when we mentioned the Yahoo breach reminding people of their old accounts from their teenage years? While nobody wants to be reminded of being the owner of an email address along the lines of iLuvNickelback94@xyz.com (no offense – we’ve all been there), this is a perfect example of why you should always deactivate the accounts you’re not using.
The reason is simple: the more active accounts you have, the higher the chances of being hacked, especially if you have re-used your passwords. There are a few handy tools out there to help you track down all the accounts associated with each of your email addresses, so you can narrow them down to the ones you actually need with just a few clicks (we’re a fan of Deseat.me). Reviewing and closing your old accounts is one of those tasks that might take you an hour of your time once every few months in return for much-needed peace of mind. In our opinion, it’s definitely worth the trade-off.
Share the burden
When it comes to major data breaches hitting large corporations, many employees wrongly assume that the job of keeping everyone safe from cyber threats should fall on the shoulders of a specific person or team within the organization. This is a very dangerous misconception, as security is and always will be a shared responsibility.
For this reason, it’s important that organizations encourage a culture mindful of security, educating all employees about basic cybersecurity best practices that enable them to be in control of their data.
Knowing that each of your colleagues and family members is also doing their part watching out for cyber threats will relieve some of the burden, making it much harder for the hackers to breach your defences.
Cybersecurity fatigue is a real, collective issue fueled by the omnipresence of insidious cyber threats. While we can’t just make it go away by remaining blissfully oblivious to security menaces and data breaches, there are a few measures you can take to remain vigilant without feeling overwhelmed.
And if you’re a user of VNC® Connect remote access software, you’ll be happy to know our Engineering Team has developed cybersecurity fatigue immunity and worked hard to make our software as secure as possible, so you have one less thing to worry about.
(The proof is in our Security Whitepaper, but if you’re not up to reading it just yet we’ll understand – just know that it’s there if you need it!)