How to Fight Security Fatigue For Employees and Customers

 


What is security fatigue? Why does it matter to your cybersecurity, both during work-from-home and afterward? How can identity management help your users, employees, and customers avoid security fatigue? 

The term “security fatigue” refers to a certain desensitization that users experience regarding cybersecurity. Some describe it as intellectual or emotional exhaustion from dealing with particular cybersecurity policies or tools. Others describe it as a reluctance to deal with the myriad demands that protecting their identities entails.

When employees experience security fatigue, they might make riskier decisions regarding their cybersecurity. For example, if they can’t remember their password, they may change it to an easier one they already use. Therefore, they introduce a new vulnerability to your business. Alternatively, they may create dangerous workarounds or simply ignore cybersecurity best practices. Moreover, they could fall for phishing attacks more often. 

Thus, security fatigue begins with the sensation of being overwhelmed by threat intelligence and identity management demands. So what causes this significant challenge to employees and businesses?

What Causes Security Fatigue? 

If we approach this challenge from a customer identity and access management (CIAM) perspective, security fatigue sets in with making accounts. Customers must make a new account for every digital shopping portal, which can exhaust even the most dedicated shopper. In fact, some shoppers choose to abandon their carts rather than make a whole new profile. 

For employees, the demand to create or update strong passwords is often overwhelming. Since employees need to remember or keep track of hundreds of passwords, trying to remember one more unique one may prove a bridge too far.

Similarly, users may feel frustrated by your authentication policies. As an example, if a single missed password is enough to lock them out of their account, that tends to repel users. In fact, your users might develop workarounds instead, which leaves your organization vulnerable.

Finally, users may feel this kind of fatigue through simple ignorance. Most users don’t end up directly hacked or breached (at least, not that they are aware of). Additionally, they may not know anyone who has been directly breached. Therefore, they may not understand the dire need for adequate cybersecurity and thus experience security fatigue more.

Ultimately, some users feel that the act of being constantly vigilant tires them. So what can your business do with identity management to avoid this problem? 

How Identity Management Helps Solve The Problem

To use identity management to avoid security fatigue, your enterprise needs to recognize what causes the problem in your use case. 

For example, if your users are overwhelmed by passwords, you could deploy a password manager. These securely store all of a user’s passwords and input them automatically when the user attempts to log in. This helps encourage employees to make unique passwords since they no longer feel the burden of remembering all of them.

Further, your enterprise should embrace single sign-on (SSO). This enables users to input one set of credentials to access more resources and databases; so long as it remains secure, so will all of the databases. It also limits the number of logins an average user needs to make, thus relieving them of some of the pressure. 

In a CIAM deployment, embrace tools and strategies that facilitate the shopping experience, including Social Sign-On.

Finally, use passive authentication factors as well as more active ones. These can include geofencing, time-of-access monitoring, and behavioral biometrics; all of them can authenticate a user without requiring direct input on their part. As a parting thought, educate your users. If they understand the legitimate threats they face, they will embrace constant vigilance readily.


Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.