By Zach DeMeyer Posted May 20, 2018
In today’s world, information security breaches are about as common as the cold. And, as with the common cold, the public is getting sick of hearing that another company they’ve put their trust in has been compromised. As more breaches happen, each one becomes another banal fact of life. Complacency, however, is the impetus of almost every breach in history, and often arises due to security fatigue. But what exactly is security fatigue? Here is the definition of the term, and five ways you can avoid it.
What is Security Fatigue?
In the modern 24-hour news cycle, too often we can be overloaded with information, and in today’s world, some of that information can be emotionally powerful. The news can be so overwhelming that people can fall into a state of “compassion fatigue.” Compassion fatigue is the feeling of complete emotional exhaustion and hopelessness after an onslaught of strong emotional stimulus, such as a tragedy in the news. Well, many of today’s security professionals feel that a similar effect can result from security breaches.
Security fatigue is a sense of complacency felt after hearing about security breaches over and over and over and… you get the picture. With repeated news of security breaches, it’s not hard to grow weary of hearing about things like password changes. For instance, two weeks ago, another massive identity security compromise hit the news; telecom giant T-Mobile lost the information of 2 million customers. From the outside looking in, it just seems like another statistic, another giant corporation being irresponsible with their security practices, and yet another reminder to change your passwords. For the victims involved, however, the repercussions were enormous.
The Aftermath of a Breach
The company itself lost the personal information of 2 million customers, amounting to almost $2 million worth, and as a result, they lost their customers’ trust. About 3% of their 75-million-person customer base was affected by the breach, which left them feeling not only concerned regarding their personal information, but wary of T-Mobile as a whole. The same could be said for the other 97% who luckily avoided losing their information. Without having experienced this misfortune, it’s easy to become a bystander, adopt a blasé attitude, and experience security fatigue.
That’s why we at JumpCloud® feel that battling security fatigue is everyone’s responsibility. So, we’ve come up with a list of five tips to help you fight back against complacency and avoid becoming another security breach statistic.
5 Tips to Avoid Security Fatigue
#1: Password Management
Passwords are the key to your online identity. We know you’re probably tired of hearing about it, but keeping your passwords secure and confidential is crucial to preventing a breach. Verizon reports that 81% of hacking-related breaches in 2017 were due to weak or stolen passwords. Symantec found that the three most popular passwords are “123456”, “password”, and “logmein”. By implementing stronger password complexity requirements and utilizing password managers instead of using the same passwords for multiple accounts, businesses and individuals alike can drastically decrease their attack vectors for breaches.
#2: Multi-factor Authentication (MFA)
While some think it’s just a passing fad, multi-factor authentication (MFA) is the identity security tool of the future. By leveraging an additional step in the login process, whether it be with a time-sensitive token generated by an app or a set of external personalized codes, MFA reduces the chance of a hack dramatically. According to Symantec, MFA could have prevented 80% of breaches in the past few years. While it may be cumbersome to introduce another step into identity authentication, the benefits far outweigh the drawbacks.
#3: Mindfulness
Phishing scams are one of the more prevalent techniques used by malcontents to breach identities. As it turns out, mindfulness is a simple way to avoid these hacking attempts (no, we’re not trying to tell you to start going to yoga or pilgrimage to Tibet or anything like that). See, phishers use clones of real company websites, like Microsoft® or Google®, to try and trick people into clicking on bad links. To the untrained eye, they may just seem like regular sites. But, instead of just opening links willy-nilly, by stopping, taking the time to visit the actual site, and ensuring that you are using a secure HTTPS connection, you can more easily avoid being phished.
#4: Security Training
As with mindfulness, having a thoughtful approach to day-to-day security matters is vital. Implementing routine company-wide security training sessions is a great way to reinforce such an approach. In the words of Mad-Eye Moody from Harry Potter: “constant vigilance,” which is a great mindset to instill in a security-minded workplace. Attacks can come from anywhere, even inside of an organization, so being aware of how you can be compromised is paramount. This sort of “zero trust” concept behind security is revolutionizing the traditional perimeter model. Training employees in techniques such as always locking down systems when not in use or utilizing internet browser security plugins (HTTPS Everywhere and Privacy Badger are two examples) is a solid first step towards creating a company culture centered around security.
#5: Strong Directory Service
Identity and access management (IAM) is the backbone of information security, especially for an organization’s IT admins. Leveraging a reliable directory service ensures that the right people are accessing the correct resources, with no imposters slipping through the cracks. In a world where the cloud rules and employees are facilitating cross-platform work environments, legacy, on-prem directory service solutions, such as Microsoft Active Directory®, just aren’t up to snuff. Savvy IT admins are starting to consider cloud directory services so that they can properly authenticate and authorize their end users’ identities, regardless of platform, protocol, provider, or location.
We hope these security tips are implemented in both your work and personal lives. However, the most efficient way to cover all of these bases in a business context is by utilizing JumpCloud Directory-as-a-Service® (DaaS) as your cloud directory service. Directory-as-a-Service is a new generation of directory services leveraged from the cloud. JumpCloud features an implementable password complexity function and password management tools such as our System App, and MFA for Mac® and Linux® systems. DaaS also provides True Single Sign-On™, leveraging the LDAP, SAML, and RADIUS protocols to connect to a wide range of applications, on-prem and in the cloud, and networks. By utilizing JumpCloud Policies, IT admins can also implement security techniques such as screen locking or denying guest user accounts across entire fleets of systems. DaaS is a surefire remedy to security fatigue.
To learn more about security fatigue and JumpCloud Directory-as-a-Service, contact our expert Customer Success team. You can check out our YouTube channel for educational video content on information security as well. If JumpCloud DaaS seems like the security fatigue solution for you, you can make sure by scheduling a demo of the DaaS product or signing up for the JumpCloud platform. Not only is signing up completely free, but it doesn’t require a credit card and comes with 10 complimentary users to get you started.