Cybersecurity Is Just A Lot Of Trouble For The General Public

This is National Cybersecurity Awareness Month, but a new study suggests that many of the general public have thrown in the towel and given up.

The detailed study, from the National Institute of Standards and Technology (NIST), suggests that the public is suffering from “security fatigue” and a feeling of helplessness when it comes to their online security.

NIST proposes a three-point plan to ease security fatigue and help users improve their behaviour when it comes to online security:

First: Limit the number of security decisions users need to make

Second: Make it simple for users to choose the right security action

Third: Design for consistent decision making whenever possible

As report co-author Mary Theofanos explains, instilling some good habits is essential. If safe behaviour becomes habitual, then when we feel swamped by the craziness of the online world we will at least fall back into habits that have been designed to protect us, rather than put us at greater risk.

And it is important to take some of the tricky decisions away from the users. The goal should be to make doing the right thing the easy choice, and doing the wrong thing much harder. And, of course, to help users recover when the wrong thing happens (as it surely still will sometimes!).

We are all now in the lucky position of having powerful computers not only in the workplace and at home, but even in our pockets everywhere we go. Our increased interconnectivity might open us up to more opportunities for attack, but the technology we have alongside us can play a significant part in making things simpler and safer.

Many of the respondents in the quotes given above, for instance, relay issues related to passwords, PINs and security measures to access accounts.

The typical person does feel exhausted at the prospect of having to ensure that their passwords are not just unique, but more than 20 characters long and composed of a random gobbledygook of letters, characters and numbers, let alone the challenge of remembering them.

But that’s where computers and smartphones come in. The most common question I am asked by members of the public is “I know I’m supposed to have lots of different, complex passwords… but how am I supposed to remember them?”

Well, good news! You’re not supposed to remember them. In fact, if you can remember them you’re probably doing it wrong! Instead, invest in a decent password manager which will securely store your passwords for you and even generate properly random, complex passwords when you need to create a new account online.

Password management software can be used to remember not just your login passwords, but also your PINs and the answers to those impossible questions your bank sometimes asks about your mother’s French teacher’s maiden name.

If we take the time to explain and demonstrate the benefits that secure practices can bring, then we can increase the chances of regular non-technical members of the public embracing online safety.

After all, when designed and implemented properly, the whole point about security solutions should be to reduce stress and fatigue.

Tripwire

 
