July 24, 2018

Do Employees in Your Workplace Have Security Fatigue? Here’s What to Do


If you’re tired of keeping up with all the computer security requirements that are necessary today, you’re not alone.

In a recent study by the National Institute of Standards and Technology (NIST), 63% of participants, who were all typical computer users, said they were experiencing security fatigue.

What is Security Fatigue?

Security fatigue is defined in the study as a weariness or reluctance to deal with computer security. As the researchers explained, it usually begins when maintaining security becomes too hard or burdensome for users; as a result, computer users at home and in the workplace simply stop following basic security guidelines.

The biggest problem is that risky computing behaviors increase the possibility of mistakes and data breaches. This can all be prevented, however, with these security tips for your employees to follow whenever they're working online.

What are signs and symptoms of security fatigue – and what can help?

  • Falling for phishing:

    When someone has security fatigue, there’s a tendency to click on links and attachments in emails without first confirming that the sender is legitimate and safe. Research has shown that 91% of cyber attacks start with a phishing email. The solution: Provide regular training so employees understand the importance of information security and are aware of various phishing and other scams and how to avoid them.  
  • Reusing passwords:

    Another common symptom is poor password hygiene such as reusing passwords: 81% of people in a recent survey used the same password for more than one account, and 36% reused the password in more than 25% of their online accounts. The solution: For anyone with more than a few passwords to remember, experts recommend installing a password manager that generates strong passwords and stores them safely. Users only have to remember one password.
  • Not updating systems:

    Security fatigue sufferers do not consistently update or patch their devices and software when alerted. The solution: The IT department can help keep systems and devices up to date by implementing automatic patching and updating. Also, use other cyber security measures to monitor systems and to detect and stop suspicious behaviour that could be harmful.
  • Turning a blind eye to suspicious traffic:

    Security fatigue can cause a person to just stop caring about security. If they notice unusual and suspicious activity, they may just ignore it. The solution: Create a culture of security in the workplace from the top down that encourages everyone to personally commit to guarding against information thieves.  
  • Cutting corners:

    Someone who is suffering from security fatigue also starts to cut corners and choose the easiest – and not always most secure – available options. For example, they use public Wi-Fi when handling confidential data. The solution: Limiting the number of security decisions users have to make will help reduce security fatigue. This can be done with policies and by embedding secure processes into workflows. A Mobile Policy should make it mandatory to encrypt data and to use a virtual private network (VPN) off-site. Partner with a document destruction company that provides secure destruction services for paper documents and hard drives.

Start Protecting Your Business

Follow these cyber security tips whenever possible, but to learn even more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and information security risk assessment.