A Double-Edged Sword
The COVID-19 Pandemic sped up the adoption of Remote Workforce or Work From Home (WFH) setup as it seems to be the best approach to continue business while maintaining social distancing against COVID-19. The WFH setup is like a double-edged sword. It has its strengths, but it also comes with a handful of weaknesses, one of them is a potential cybersecurity breach. Since data within the organization is now transmitted over a wide network instead of a more secure local network in the office, it is more prone to attackers thus, requiring an effective security protocol.
It is a good thing that businesses today are now aware of the importance of cybersecurity and they are willing to invest in it. However, the implementation of these security measures is what matters most. No matter how expensive or effective a security system is if implemented poorly, it may not deliver as promised. So, for the business to avoid hurting itself, employers and employees should work hand in hand in keeping their defenses up.
Security Fatigue is defined by the National Institute of Standards and Technology (NIST) as “a weariness or reluctance to deal with computer security.” This means that over time, employees or employers somehow “get tired” of maintaining their computer security. Symptoms are reusing passwords, not updating devices and software, not using secure connections, and more. Think of a man who just got a new car. He cleans it every day, then every day becomes every week, then every week becomes once a month, then once a month becomes once a year, and once a year becomes never. Security Fatigue can be imagined that way.
Several factors contribute to security fatigue. One is that maintaining a high level of security can be tedious. For example, as part of a security protocol, an employee needs to memorize not just one password, depending on the number of tools they use, and they have to periodically change them. Fatigue kicks in when the employee reuse the same password for all these tools. As a result, an attacker only needs to crack one password to get into the system. Another factor is complacency. When updating software and passwords become a repetitive task, people can be complacent enough to ignore important security protocols. They become careless thinking that since no attack happened before, they can relax and be complacent. Like a guard sleeping on duty and that’s dangerous.
Relieving Security Fatigue
Some steps can be done to relieve security fatigue and keep employees motivated enough to do their part in keeping your defenses.
- For passwords, use password managers. Password Managers are software that generates strong passwords and saves them in a secured location. Employees can use password managers to generate passwords for their tools. This way, they only need to keep one login credential and that is for the password manager.
- Promote Digital Hygiene. Routine security protocols can be compared to one’s hygiene. We develop our daily hygiene through habit formation. In the same way, by making a habit of regular security checks, security fatigue may not be a problem. For starters, you can use reminders that you can program to your system where it will prompt you to change passwords or update the software on schedule. Or, you can stick with the classic post-it.
- Use Trusted VPN. VPNs encrypt your internet traffic rendering it useless for interceptors. A trusted VPN at bay can keep the attacker away.
- Implement personal responsibility and accountability. Security fatigued employees are common prey to phishing and attacks. By making them responsible and accountable, you can keep them motivated to keep their system secured.
- Let your Security and IT team handle updates. Security and IT teams should have access to remote stations. To make sure each system is secured and updated, they should be regularly checking each system and updating them remotely.
- Backup…Need Backup! Well, this is a no brainer but many businesses lose important data because there’s no backup. Make backing up data part of your digital hygiene and save the day.
- Do Regular Security Audits. By doing so, employees will make sure they pass the audit. Of course, they don’t want to have problems with their employers right?
- Get Expert Advice. Security experts like TrinSecurity work hard every day to improve security measures. By consulting experts, you can get educated advice for your security needs.
It is true that maintaining good security is quite a task. Security fatigue can get the best of you if you’re not aware. The key against fatigue is rest and good communication. It’s not good for the employer to take the fight on his own. In the same way, it is not good for an employee to be left alone in the dark, fighting on his own. That’s why they need to communicate and take turns. Each has his/her responsibility in keeping attackers away.