It’s time to wake up to the threat of security fatigue

Take these seven easy, proactive steps to protect your digital life

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

There is no mis­tak­ing that, by now, most con­sumers have at least a pass­ing aware­ness of cyber threats.

Two oth­er things also are true: All too many peo­ple fail to take sim­ple steps to stay safer online; and indi­vid­u­als who become a vic­tim of iden­ti­ty theft, in what­ev­er form, tend to be baf­fled about what to do about it.

A new sur­vey by the non­prof­it Iden­ti­ty Theft Resource Cen­ter, sched­uled to be released in full next week, rein­force these notions. ITRC sur­veyed 317 peo­ple who used the organization’s ser­vices in 2017 and had expe­ri­enced iden­ti­ty theft. The study was spon­sored by Cyber­Scout, which also spon­sors Third­Cer­tain­ty. A few highlights:

• Near­ly half, 48.4 per­cent, of data breach vic­tims were con­fused about what to do
• Only 56 per­cent took advan­tage of iden­ti­ty theft pro­tec­tion ser­vices offered after a breach
• Some 61 per­cent declined iden­ti­ty theft ser­vices due to lack of under­stand­ing or confusion
• Some 32 per­cent didn’t know where to turn for help in event of a finan­cial loss due to iden­ti­fy theft.

Keep your guard up

These psy­cho­log­i­cal shock waves, no doubt, are com­ing into play yet again for 143 mil­lion con­sumers who lost sen­si­tive infor­ma­tion in the Equifax breach. The ITRC find­ings sug­gest that many Equifax vic­tims are like­ly to be fright­ened, con­fused and frus­trat­ed to the point of acqui­es­cence. That’s because the dig­i­tal lives we lead come with risks no one fore­saw at the start of this cen­tu­ry. And the real­i­ty is that con­sumers need to be con­stant­ly vig­i­lant about their dig­i­tal life. How­ev­er, cyber attacks have become so ubiq­ui­tous that they’ve become white noise for many people.

Relat­ed video: Why you should use ver­bal pass­words for your online bank­ing accounts

The ITRC study is the sec­ond major report show­ing this to be true. Last fall, a major­i­ty of com­put­er users polled by the Nation­al Insti­tute of Stan­dards and Tech­nol­o­gy said they expe­ri­enced “secu­ri­ty fatigue” that often cor­re­lates to risky com­put­ing behav­ior they engage in at work and in their per­son­al lives.

The NIST report defines “secu­ri­ty fatigue” as a weari­ness or reluc­tance to deal with com­put­er secu­ri­ty. As one of the study’s research sub­jects said about com­put­er secu­ri­ty, “I don’t pay any atten­tion to those things any­more. … Peo­ple get weary from being bom­bard­ed by ‘watch out for this or watch out for that.’”

Bri­an Stan­ton, cog­ni­tive psychologist

Cog­ni­tive psy­chol­o­gist, Bri­an Stan­ton, who co-authored the NIST study, observed that “secu­ri­ty fatigue … has impli­ca­tions in the work­place and in peo­ples’ every­day life. It is crit­i­cal because so many peo­ple bank online, and since health care and oth­er valu­able infor­ma­tion is being moved to the internet.”

Make no mis­take, iden­ti­ty theft is a huge and grow­ing prob­lem. Some 41 mil­lion Amer­i­cans have already had their iden­ti­ty stolen—and 50 mil­lion report­ed being aware of some­one else who was vic­tim­ized, accord­ing to a sur­vey.

Attacks are multiplying

With sen­si­tive per­son­al data for the clear major­i­ty of Amer­i­cans cir­cu­lat­ing in the cyber under­ground, it should come as no sur­prise that iden­ti­ty fraud is on a ris­ing curve. Between Jan­u­ary 2016 and June 2016, iden­ti­ty theft account­ed for 64 per­cent of all data breach­es, accord­ing to Breach Lev­el Index. One rea­son for the rise was a huge jump in inter­net fraud. Card not present (CNP) fraud leaped by 40 per­cent in 2016 while point of sale (POS) fraud remained unchanged.

It’s not just weak pass­words and indi­vid­ual errors that are fuel­ing the rise in online fraud. Orga­ni­za­tions we all trust with our per­son­al infor­ma­tion are being attacked every sin­gle day. The mas­sive breach of finan­cial and per­son­al his­to­ry data for 143 mil­lion peo­ple from cred­it bureau Equifax is just the lat­est example.

Over the past four years there has been a steady drum­beat of major data breach­es: Tar­get, Home Depot, Kmart, Sta­ples, Sony, Yahoo, Anthem, the U.S. Office of Per­son­nel Man­age­ment, the Repub­li­can Nation­al Com­mit­tee, just to name a few. The hun­dreds of mil­lions of records stolen nev­er per­ish; they will con­tin­ue in cir­cu­la­tion in the cyber under­ground, avail­able for sale and/or to be used in the next inno­v­a­tive fraud campaign.

Be safe, not sorry

Pro­tect­ing your­self online doesn’t have to be dif­fi­cult or com­pli­cat­ed. Here are sev­en ways to bet­ter pro­tect your pri­va­cy and your iden­ti­ty today:

• Freeze your cred­it rat­ing at the big three rat­ing agen­cies so scam­mers can’t use your iden­ti­ty to take out loans or cred­it cards
• Add a web­site grad­er to your brows­er to avoid malware
• Enroll in ID theft cov­er­age with your bank, insur­er or employer—it could be free or sur­pris­ing­ly inexpensive
• Get and use a pass­word vault so you can cre­ate and use hard to guess passwords
• Be knowl­edge­able about com­mon cyber scams
• Add a ver­bal pass­word to your bank account login and set up text alerts to unusu­al activity
• Come up with a con­sis­tent way to decide whether it’s safe to click on something.

There is a big­ger impli­ca­tion of los­ing sen­si­tive infor­ma­tion as an indi­vid­ual: It almost cer­tain­ly will have a neg­a­tive rip­ple effect on your fam­i­ly, friends and col­leagues. There is a bur­den on con­sumers to be more proac­tive about cyber­se­cu­ri­ty, just as there is a bur­den on com­pa­nies to make it eas­i­er for indi­vid­u­als to do so.

NIST researcher Stan­ton describes it this way: “If peo­ple can’t use secu­ri­ty, they are not going to, and then we and our nation won’t be secure.”

Melanie Gra­no con­tributed to this story.

More sto­ries relat­ed to cyber­se­cu­ri­ty fatigue:
Wake up and avoid a ‘breach fatigue’ nightmare
Don’t let chron­ic (breach) fatigue syn­drome get you down
Inte­grat­ed cloud-based secu­ri­ty plat­form is vital for reduc­ing ‘point prod­uct fatigue’