Security Fatigue: Threats from Inside

Security Fatigue

The sheer volume of security related messaging in the average workplace – including government offices – has led to what security researchers term “security fatigue” as a result of the overwhelming calls to action related to computer security. According to a National Institute of Standards and Technology (NIST) study, security fatigue is characterized by “a sense of resignation” and “decision avoidance” as a result of a combination of factors including information overload, as well as a lack of tools to handle the tasks set before employees such as how to handle a large number of login credentials. In addition, the use of fear to secure employee compliance leads employee burnout when it comes handling security initiatives. How should IT contractors in the government sector handle this issue?

Identify Security Fatigue in the Workplace

Government IT contractors who handle security can begin with looking at stressors in the office environment. A common culprit is the host of communications regarding security. Some offices have a high volume of emails, posters, announcements, and other materials about computer and internet security. While some information about the topic is important for getting the word out, too much saturation can lead to employees shrugging off the threat as a result of a general feeling of helplessness in the face of so many orders.

This attitude of facing the inevitable is especially problematic when it comes to convincing people to take precautions against a malicious cybersecurity breach. Due to the prevalence of breaches these days, many people feel that it is bound to happen at some point. That type of apathy toward securing accounts and maintaining other data security protocols is especially dangerous in the intelligence community where a breach can easily become a matter of national security.

How to Combat Security Fatigue

The key to overcoming security fatigue is to give employees healthy methods to take back control. For example, an employee who must handle a large number of login credentials may be tempted to use easy and unsafe solutions such as reusing passwords or writing them down at a workstation. Empowering employees to utilize a password manager program or other secure method will allow them to go about their jobs much more easily while maintaining security compliance.

Most importantly, these issues need to be addressed before a breach occurs. Computer hygiene is a common problem, but can be improved by establishing a workplace culture that encourages vigilance without going over the top with fear tactics. Educational efforts about security breaches should focus on what employees can do to prevent targeted attacks such as those via email attachments, phishing scams, links on the web, and through devices such as phones and tablets, can help alleviate the mystery about security and get employees thinking proactively. Teaching employees that they can make a difference will help them feel capable and empowered.

Are you a cleared professional looking for government contract work?

See our current government contract job openings and apply today!