The new year is finally here! The challenges of 2020 are behind us, and a renewed sense of hope means we can be confident about the future again. But here’s the thing: many of last year’s trials and tribulations will still be with us. The COVID-19 pandemic isn’t over yet, even if a vaccine offers a little light at the end of the tunnel. And the online threats that ramped up in 2020 came to a startling climax in December when suspected Russian hackers infiltrated government and tech industry networks across the United States.
What we can change in 2021 is the way we respond to these two ongoing threats. One way is to recognize and overcome “pandemic fatigue” and “caution fatigue”—intertwined emotional responses to the heightened state of alert we’ve all been living under since March. These forms of fatigue lead otherwise well-intentioned people to act carelessly or recklessly, more out of exhaustion than intention.
It makes psychological sense, though. “Caution fatigue” is considered a normal response to living under a heightened state of alert. Our brains activate a hormone called cortisol, which desensitizes us to stress and influences our behaviors, giving us an excuse to pay less attention to risky situations.
In the digital world, this feeling is well-documented as “security fatigue.” In 2017, the US National Institute of Standards and Technology said in a report that “people are told they need to be constantly on alert, constantly ‘doing something,’ but they are not even sure what that something is or what might happen if they do or do not do it.”
Four years later, the impact of cybersecurity failures is clearer. When the US Departments of Commerce, Treasury, State, and Energy have their emails hacked and Microsoft admits that bad actors accessed its source code, the threat comes into focus. But many business owners still operate with an “it can’t happen to me” attitude—especially when there are so many other issues to deal with during an ongoing pandemic.
That’s precisely the kind of exhausted indifference that hackers will try to prey on in 2021, though. As the holiday shopping season wrapped up last week, a new strain of malicious phishing emails emerged that tried to trick users into clicking on fake Amazon gift card notifications. The hot topic of vaccines will surely be exploited by the same bad actors who tried sending illicit CDC and World Health Organization updates back in April.
Without a fresh perspective on the cybersecurity threats to come in 2021, many experts worry that anxiety and burnout could lead to more human error. “When we’re anxious, maybe we’re more likely to fall for a phishing scam,” said Caroline Wong, chief security officer of cybersecurity company Cobalt, in a recent interview. “When I’m burnt out, maybe I’m more likely to purposefully or accidentally take some kind of a shortcut. Every behavior of an employee affects the security posture of the company.”
So How Can You Build on the Hope and Optimism of a New Year to Protect Yourself, Your Information, and Your Company in 2021?
Our modified pandemic behaviors put us at risk for cybersecurity problems more often. Far more people are shopping online, using new e-payment platforms, and tracking packages in the mail. Each step in that journey represents a potential “threat vector,” where a hacker could try to swipe your credit card number or trick you into clicking on a malicious link. Be cautious at each of those steps, looking for “https” in the URL of your favorite e-commerce website and confirming that shipping notifications are actually from UPS or FedEx before clicking links.
If you have kids still attending class virtually, they’re probably using their own devices and bouncing between platforms and accounts throughout the school day. You might not have much time to devote to their online behavior, but that’s a ripe target for cybercriminals who might try to capitalize on unsecured devices or Wi-Fi connections. Make sure “caution fatigue” doesn’t affect the students in your life by talking to them about safe online activities, reviewing their school’s IT policies, and checking the status of their devices from time to time.
This includes several different strategies that build on each other to offer overall protection. Start by creating strong, unique passwords—what the NIST calls “Memorized Secrets”—that combine easy-to-remember phrases with special characters like !, @, #, $, or %. Then, consider business-grade password managers, which automatically generate strong passwords for specific logins while requiring users to remember just one master password. Finally, activate multi-factor authentication (MFA), a login process that requires something a user knows (his or her password) with something a user has (typically a unique code or push alert delivered via text, email, or a dedicated single sign-on app).
No matter what kind of computers your company uses—or where and when your employees use them—they can be protected with proactive cybersecurity monitoring and management. A trusted partner can help you deploy the right safeguards at the right time, keeping every laptop, desktop, tablet, and phone safe for every employee of your business. That’s particularly important as remote work continues and hackers evolve their tactics in 2021.
Yes, 2020 is officially behind us. But just because the calendar has changed doesn’t mean that last year’s challenges will end. With renewed optimism and a fresh perspective, however, we can respond to those challenges in a new way, overcome “caution fatigue,” and be safer than ever.
If you want to leverage the hope of a new year and help your business thrive, contact CMIT Solutions today. We take cybersecurity seriously, defending your data and empowering your employees to work smarter and safer than ever before. Here’s to 2021 and heightened cybersecurity for all.