Are Your Employees Suffering from Security Fatigue?
We’re all less responsive when we’re fatigued.
You wouldn’t want to do any critical tasks while you weren’t at your best. Whether you’re taking an exam or flying a plane, feeling energized and on top of your game is essential.
The same goes for security processes.
Researchers are discussing what the IT industry calls “security fatigue” to better understand how human error happens. While impossible to eliminate, human error can be decreased when we pay attention to the root causes. Security fatigue is at the top of that list.
In this article, we’ll discover what it means to have security fatigue and how to help your employees who are suffering from it. Ultimately, supporting your employees will make all the difference in lessening your organization’s chance of a security breach.
We’ll tell you how.
What Is Security Fatigue?
Imagine that moment when your to-do list is piled so high that you have no idea where to start.
Security fatigue is the feeling of weariness brought on by being overwhelmed. Users are continually faced with security rules, day-to-day procedures, cybersecurity breaches in the news, and new technology developments. It’s a never-ending list of essentials.
Eventually, a person will shut down and withdraw from their security responsibilities.
Is It Common?
The National Institute of Standards and Technology (NIST) studied approximately 40 professionals to better understand their relationship with technology and security. Their findings revealed overwhelming security fatigue. Results showed that this fatigue eventually led to “dread and resignation.”
Once users were constantly bombarded with security decisions and continual fear of a breach, they began distancing themselves from security-related decisions—either falling back onto familiar habits or avoiding decisions altogether.
This resignation from security best practices can obviously cause an issue for your organization. If your employees are suffering from security fatigue, you could easily be left open to a security breach. Though your employees are well-meaning and, hopefully, well-trained, they will make mistakes. Sooner or later, issues will surface.
Getting ahead of the issue is your best defense. But how can you tell if your employees are suffering from security fatigue?
How to Identify Security Fatigue in Your Employees
In theory, explaining the concept of security fatigue and then asking your employees if they can relate would be the easiest place to start.
However, put yourself in that employee’s position: you feel you’re falling short in a way that could hurt the company. Would you admit that to your supervisor?
Instead, try to identify the issue and formulate a mitigation plan—before you’re left wondering how this employee could have possibly missed the update that led to a ransomware attack.
Your employees may not tell you how much pressure they feel because they want to seem like they have everything under control. Small mistakes may not seem important, so they may not even realize they need help.
Mistakes commonly made by fatigued employees are:
- Reusing passwords
- Clicking on phishing links
- Forgetting necessary updates
- Connecting to an unsecured network
Design a proactive plan to combat possible security fatigue, even if it hasn’t caused an issue—yet.
How Can You Cure It?
NIST suggests setting up your employees for success. For example, if they fall back on habits when they become overwhelmed, create a system of good habits. Focus on employee training, and lead by example. Create company-wide reminders to update passwords. Establish a system that keeps everyone accountable and recognizes a job well done.
Because employees with security fatigue tend to avoid decision making, reduce the number of decisions they have to make. Wherever possible, automate security practices to relieve the pressure employees feel. Using a password manager is an excellent example of automating a process so that employees aren’t left to fall back on a previously used password.
According to Mary Theofanos, a computer scientist at NIST: “Our goal in computer security is to help users do the right thing, make it hard to do the wrong thing, and help them recover when the wrong thing happens.”
When it comes to security habits—complex passwords, consistent updates, secure connections, and identifying phishing emails—make a point of revisiting those training topics often. By designing your organization’s security program to make security easier, you’re relieving the pressure and fatigue while also increasing security. Killing two birds with one stone, if you will.
How Technology Lab Can Help
When in doubt, look to the professionals. Outsourcing your IT allows your team to focus on core functions. When the daily security and IT process pressures are off, employees can focus their attention on other areas and explore revenue-driven initiatives.
Technology Lab’s team of experts provides services to step in as your IT department or to fill in the gaps. We work with your organization to understand your goals, creating a strategy that works toward your future.
Contact Technology Lab to learn more about how we can relieve your employees’ security fatigue.