Cybersecurity Is Just A Lot Of Trouble For The General Public

Uploaded on 2016-10-19 in NEWS-News Analysis, FREE TO VIEW

This is National Cybersecurity Awareness Month, but a new study suggests that many of the general public have thrown in the towel and given up.

The detailed study, from the National Institute of Standards and Technology (NIST), suggests that the public is suffering from “security fatigue” and a feeling of helplessness when it comes to their online security.

NIST proposes a three point plan to ease security fatigue and help users improve their behaviour when it comes to online security:

First: Limit the number of security decisions users need to make

Second: Make it simple for users to choose the right security action

Third: Design for consistent decision making whenever possible

As report co-author Mary Theofanos explains, instilling some good habits is essential. It safe behaviour becomes habitual, then when we feel swamped by the craziness of the online world we will at least fall back into habits that have been designed to protect us, rather than put us at greater risk.

And it is important to take some of the tricky decisions away from the users. The goal should be for doing the right thing to be the easy choice, and it being much harder to do the wrong thing. And, of course, to help users recover when the wrong thing happens (as they surely still will sometimes!)

We are all now in the lucky position to not only have powerful computers in the workplace and at home, but even carried in our pockets everywhere we go. Our increased interconnectivity might open us up to more opportunities for attack, but the technology we have alongside us can play a significant part in making things simpler and safer.

Many of the respondents in the quotes given above, for instance, relay issues related to passwords, PINs and security measures to access accounts.

The typical person does feel exhausted at the prospect of having to ensure that their passwords are not just unique, more than 20 characters long, and compiled of a gobbledygook random collection of letters, characters and numbers, let alone the challenge of remembering them.

But that’s where computers and smartphones come in. The most common question I am asked by members of the public is “I know I’m supposed to have lots of different, complex passwords… but how am I supposed to remember them?”

Well, good news! You’re not supposed to remember them. In fact, if you can remember them you’re probably doing it wrong! Instead, invest in a decent password manager which will securely store your passwords for you and even generate properly random, complex passwords when you need to create a new account online.

Password management software can be used to not just remember your login passwords, but also your PIN numbers and the answers to those impossible questions your bank sometimes asks about your mother’s French teacher’s maiden name.

If we take the time to explain, and demonstrate the benefits that secure practices can bring, then we can increase the chances of regular non-technical members of the public embracing online safety.

After all, when designed and implemented properly, the whole point about security solutions should be to reduce stress and fatigue.

Tripwire

 

« New Virus Attacks All Windows-Based Computers
Women Suspected To Attempt Next Terror Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Nuix

Nuix

Nuix specialise in extracting knowledge from unstructured data. Applications include Digital Forensics, Cybersecurity Intelligence, Information Governance, eDiscovery.

Security Research Labs (SRLabs)

Security Research Labs (SRLabs)

Security Research Labs is a Berlin-based hacking research collective and consulting think tank.

Wavestone

Wavestone

Wavestone is a strategy and technology consulting company with areas of expertise including digital transformation and cybersecurity.

maCERT

maCERT

maCERT is the national Computer Emergency Response Team for Morocco.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

Genians

Genians

Genians provides the industry’s leading Network Access Control (NAC) solution, which ensures full visibility of all IP-enabled devices regardless of whether they are wired, wireless, or virtual.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

Delfigo Security

Delfigo Security

Delfigo Security, a pioneer in intelligent authentication, provides a strong, multi-factor authentication solution to prevent identity theft and reduce fraud.

MCPc

MCPc

MCPc improves the security and well-being of our clients. We protect data, manage the complexity and sustainability of technology, empower employee performance, and ultimately reduce business risk.

Crypto International

Crypto International

Crypto International offers comprehensive services for the operation of our customers’ IT and communication infrastructure, with a focus on cybersecurity and encryption solutions.

Aware

Aware

Aware is the only comprehensive AI solution for governance, risk, compliance and insights for leading collaboration platforms.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

Avetta

Avetta

Avetta One is the industry’s largest Supply Chain Risk Management (SCRM) platform. It enables clients to manage supply chain risks and suppliers to prove the value of their business.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

Venticento

Venticento

Venticento is an IT company specialized in consulting and network support and assistance for companies that need to make their business processes more effective.