Cybersecurity Is Just A Lot Of Trouble For The General Public

This is National Cybersecurity Awareness Month, but a new study suggests that many of the general public have thrown in the towel and given up.

The detailed study, from the National Institute of Standards and Technology (NIST), suggests that the public is suffering from “security fatigue” and a feeling of helplessness when it comes to their online security.

NIST proposes a three-point plan to ease security fatigue and help users improve their behaviour when it comes to online security:

First: Limit the number of security decisions users need to make

Second: Make it simple for users to choose the right security action

Third: Design for consistent decision making whenever possible

As report co-author Mary Theofanos explains, instilling some good habits is essential. If safe behaviour becomes habitual, then when we feel swamped by the craziness of the online world we will at least fall back into habits that have been designed to protect us, rather than put us at greater risk.

And it is important to take some of the tricky decisions away from the users. The goal should be for doing the right thing to be the easy choice, and for doing the wrong thing to be much harder. And, of course, to help users recover when the wrong thing happens (as it surely still will sometimes!).

We are all now in the lucky position to not only have powerful computers in the workplace and at home, but even carried in our pockets everywhere we go. Our increased interconnectivity might open us up to more opportunities for attack, but the technology we have alongside us can play a significant part in making things simpler and safer.

Many of the respondents in the quotes given above, for instance, relay issues related to passwords, PINs and security measures to access accounts.

The typical person does feel exhausted at the prospect of having to ensure that their passwords are not just unique, but more than 20 characters long and composed of a random gobbledygook collection of letters, characters and numbers, let alone the challenge of remembering them.

But that’s where computers and smartphones come in. The most common question I am asked by members of the public is “I know I’m supposed to have lots of different, complex passwords… but how am I supposed to remember them?”

Well, good news! You’re not supposed to remember them. In fact, if you can remember them you’re probably doing it wrong! Instead, invest in a decent password manager which will securely store your passwords for you and even generate properly random, complex passwords when you need to create a new account online.

Password management software can be used to not just remember your login passwords, but also your PIN numbers and the answers to those impossible questions your bank sometimes asks about your mother’s French teacher’s maiden name.

If we take the time to explain, and demonstrate the benefits that secure practices can bring, then we can increase the chances of regular non-technical members of the public embracing online safety.

After all, when designed and implemented properly, the whole point about security solutions should be to reduce stress and fatigue.

Tripwire

 
