Ask Floh: What is security fatigue?: Peerio
November 29, 2018

In this week’s episode of Ask Floh, we learn about security fatigue and what to do when you’ve been stricken by this affliction.

3 takeaways:

  • Security fatigue happens when you consume too much info about security and lose all hope
  • What to do? Evaluate what your actual security risks and threat levels are
  • Focus on what it is that you’re trying to protect; don’t get overwhelmed by every possible threat

A study from the National Institute of Standards and Technology (NIST) found that security fatigue can lead to people taking cybersecurity risks at work and in their personal lives. Don’t let this happen to you. Combat security fatigue by learning more about cybersecurity first steps, how to build a better security culture in the workplace, and by following this password best practice (hint, stop changing your password every 30 days).


Hello, welcome back. This is Ask Floh, your favourite set of clips about cybersecurity and how to stay safe online.

So we have a question via Twitter this time and it’s from Emma and Emma would like to know what security fatigue is.

Security fatigue is a malady that may afflict you when you spend way too much time reading about security, or watching security news, or listening to security podcasts, or just ingesting information about security via any of the many means available to you. And what can happen when you do this, is that you can fall into a terrible abyss of existential dread and decide that nothing you can possibly do will ever protect you, and every state agency ever, as well as criminals and random hackers are out to get you, and basically all of your data is already forfeit.

So security fatigue is why I like to always tell people that the first thing that they have to start with is evaluating what their actual problem is, with respect to security, what their valuable information is, and take it from there, because chances are that you, listener, watcher, don’t have to deal with state agencies. Most people don’t. Most people are not under direct threat from any state-level actor. And while there are maybe threats that you have to deal with on a regular basis and some are worse than others. And maybe in some cases you do have to deal with some state agencies.

Everything is really relative and everything is different for everyone. And it really depends on what your goals are, what you have to protect, and what your data is. And so the first step to avoiding security fatigue is to really focus on what it is that you’re trying to protect. And do not get overwhelmed by all of the possible threats that might not pertain to you.

I hope that was helpful and see you back here next time. Bye.
