Federal Workers Tired of Security Protocols
Photo: iStockEvery day, workers are showing signs of sustained “security fatigue” — or a reluctance to deal with cyber hygiene — which could negatively impact national defense, industry representatives said.
A recent study conducted by the National Institute of Standards and Technology (NIST) found that many typical computer users have experienced security fatigue “that often leads users to risky computing behavior at work and in their personal lives,” according to a NIST press release. Computer users “got tired of being on constant alert, adopting safe behavior and trying to understand the nuances of online security issues,” it said.
Representatives from the software companies Dell and Alfresco said they see many federal workers — including in defense agencies — affected by this.
“I can’t imagine a defense agency or institution that doesn’t have this level of fatigue today because of all of the additional ways in which information is distributed,” said Andy Vallila, Dell’s security sales leader for the Americas.
If an agency has too many security approaches that have not been integrated or coordinated, or if a worker tries to send data on a device that has not been issued by a defense agency and lacks the proper encryption, field operatives may not receive crucial information in time to make key decisions, he said.
Austin Adams, vice president of the public sector for Alfresco, which provides content management for operating systems like Microsoft Windows, said federal employees are “the more vulnerable aspect of the security defense posture.”
The study recommended three ways to ease security fatigue and help promote secure online habits: limit the number of security decisions users need to carry out; make the process simpler; and design the process for consistent decision-making.
Agencies could benefit from investing in new equipment with anti-virus and anti-malware software installed, and by reorganizing their data, Adams said.
Dell offers what Vallila called a “holistic approach” to provide better security to defense agencies, that provides specific capabilities and adapts policies to suit the agency’s needs, whether it’s on a secure office network, on a home laptop or a mobile phone.