Cybersecurity Is Just A Lot Of Trouble For The General Public

Uploaded on 2016-10-19 in NEWS-Cybersecurity News, FREE TO VIEW

This is National Cybersecurity Awareness Month, but a new study suggests that many of the general public have thrown in the towel and given up.

The detailed study, from the National Institute of Standards and Technology (NIST), suggests that the public is suffering from “security fatigue” and a feeling of helplessness when it comes to their online security.

NIST proposes a three point plan to ease security fatigue and help users improve their behaviour when it comes to online security:

First: Limit the number of security decisions users need to make

Second: Make it simple for users to choose the right security action

Third: Design for consistent decision making whenever possible

As report co-author Mary Theofanos explains, instilling some good habits is essential. It safe behaviour becomes habitual, then when we feel swamped by the craziness of the online world we will at least fall back into habits that have been designed to protect us, rather than put us at greater risk.

And it is important to take some of the tricky decisions away from the users. The goal should be for doing the right thing to be the easy choice, and it being much harder to do the wrong thing. And, of course, to help users recover when the wrong thing happens (as they surely still will sometimes!)

We are all now in the lucky position to not only have powerful computers in the workplace and at home, but even carried in our pockets everywhere we go. Our increased interconnectivity might open us up to more opportunities for attack, but the technology we have alongside us can play a significant part in making things simpler and safer.

Many of the respondents in the quotes given above, for instance, relay issues related to passwords, PINs and security measures to access accounts.

The typical person does feel exhausted at the prospect of having to ensure that their passwords are not just unique, more than 20 characters long, and compiled of a gobbledygook random collection of letters, characters and numbers, let alone the challenge of remembering them.

But that’s where computers and smartphones come in. The most common question I am asked by members of the public is “I know I’m supposed to have lots of different, complex passwords… but how am I supposed to remember them?”

Well, good news! You’re not supposed to remember them. In fact, if you can remember them you’re probably doing it wrong! Instead, invest in a decent password manager which will securely store your passwords for you and even generate properly random, complex passwords when you need to create a new account online.

Password management software can be used to not just remember your login passwords, but also your PIN numbers and the answers to those impossible questions your bank sometimes asks about your mother’s French teacher’s maiden name.

If we take the time to explain, and demonstrate the benefits that secure practices can bring, then we can increase the chances of regular non-technical members of the public embracing online safety.

After all, when designed and implemented properly, the whole point about security solutions should be to reduce stress and fatigue.

Tripwire

 

« New Virus Attacks All Windows-Based Computers
Women Suspected To Attempt Next Terror Attack »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Akheros

Akheros

Akheros develops cybersecurity learning algorithms which anticipate, detect and prevent offensive and incongruous behaviors of M2M interactions.

Cyber Seguridad (Cyberseg)

Cyber Seguridad (Cyberseg)

Cyberseg provides specialized Cybersecurity services, including managed services (SOC / CERTs) and solutions for the protection of critical infrastructures.

Saudi Federation for Cyber Security and Programming (SAFCSP)

Saudi Federation for Cyber Security and Programming (SAFCSP)

SAFCSP is a national institution under the umbrella of the Saudi Arabian Olympic Committee, which seeks to build national and professional capabilities in the fields of cyber security and programming.

Lynx

Lynx

Lynx provides high added value services in the area of information systems security and ICT infrastructure building.

CyberCX

CyberCX

CyberCX provides services from strategic consulting, security testing and training to world-class managed services and engineering solutions.

Humming Heads

Humming Heads

Humming Heads offers a complete solution to fight the advanced threats that target a company's endpoints and servers.

Wontok

Wontok

Wontok deliver innovative value-added data security services that fill the gaps left in traditional security solutions.

StoneLock

StoneLock

StoneLock is a trusted leader in the design and manufacture of facial recognition software and technology.

VeriClouds

VeriClouds

VeriClouds is a password verification service that helps organizations detect compromised passwords and stop account takeover attacks.

Reflectiz

Reflectiz

Reflectiz empowers digital businesses to make all web applications safer by non-intrusively mitigating any website risks without a single line of code.

Center for Information Technology Policy (CITP) - Princeton University

Center for Information Technology Policy (CITP) - Princeton University

The Center for Information Technology Policy at Princeton University is a nexus of expertise in technology, engineering, public policy, and the social sciences.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

Conseal Security

Conseal Security

Mobile app security testing done well. Conseal Security are specialists in mobile app penetration testing. Our expert-led security analysis quickly finds security vulnerabilities in your apps.

Creative ITC

Creative ITC

Creative ITC is a leading infrastructure and cloud enablement company. We design and deliver exceptional managed services and cloud solutions.

Plex IT

Plex IT

Plex IT provides managed IT services to organisations along with managed security services.

INETCO Systems

INETCO Systems

INETCO deliver essential real-time cybersecurity, payment fraud detection, operational monitoring and analytics solutions that empower our customers to grow their businesses without interruptions.