Cybersecurity: It Only Helps If You Can Use It

Written by Dominique Engome Tchupo, Ph.D.
Senior Human Factors Researcher
Jumpseat Research

Overview

With the increasing dependence on the digital world, cybersecurity has become more and more important. The COVID-19 pandemic especially moved even more things online with the uptick in remote work and learning. This increase in online presence led to an increase in the need to keep ourselves and our data safe online.

With more interest in and competition in cybersecurity, there has been extra scrutiny among consumers when it comes to their cybersecurity tools. This has made it so that in addition to providing the necessary system securities, there is a need for a smooth and seamless user interface, for the users to understand what the system is doing, to pay attention to important alerts, and understand what they need to do. As such, the importance of UX and human factors in cybersecurity is more important than ever.

Corporate Cybersecurity

One aspect of cybersecurity widely discussed is at the corporate level. It has always been important to protect company trade secrets and client information, but with employees becoming remote or hybrid, the need has grown. There is an added need for companies and corporations to make sure that the people accessing their data are, in fact, employees and that there are no breaches on the employees’ side either.

Multiple companies have systems that provide various levels and types of protection for companies, systems that employees outside of the IT team might never even realize exist as they do not directly interact with them. Many UX resources have been involved with developing those systems and integrating them seamlessly into other essential business software and platforms.

Individual Cybersecurity

At the individual level, various things need to be considered. In many ways these are similar to corporate-level considerations and simply need to be tailored to individuals with various levels of tech knowledge.

One main differentiator is the level of understanding of the importance of cybersecurity and what the tools are. Corporations typically have an IT department or person who understands the cyber security needs and systems. This department would implement the most suitable security systems and only disseminate the necessary information and procedures. Individuals, however, are solely responsible for getting information about cyber security systems, threats, and implementation.

User Education

One important role that UX plays when it comes to individual cybersecurity is to properly educate users on the benefits and need for various features. The most well–known piece of cybersecurity is the use of an antivirus, but is that where personal cybersecurity ends? No, in fact, the most popular antivirus software platforms also provide other cyber security services such as VPN, identity theft protection insurance, password management, and dark web monitoring.

These additional services come with a price tag, so many opt out simply because they do not understand the benefit of the services. UX can help accentuate this need and their importance and change behaviors through effective communication. Systems can be built such that users understand their importance and how to use them once implemented.

User Trust

Another “human” element that can easily prevent a perfectly programmed cyber security system from working is that of trust. Is the user jaded by being bombarded with safety warnings at every turn? Does confirming higher security measures restrict them from effectively doing their work? Do overblown threat messages lead people to think “there’s no way it’s that bad?”. These questions show the biases people bring when deciding whether clicking through can be harmful.

Additionally, trust in the product being secure is not limited to the product alone; the brand itself needs to be perceived as trustworthy through effective branding and reputation management. UX can help tailor messages to convey trust in the products and brand.

The second aspect of trust deals with over trust. Messaging must be conveyed so that it is easy to understand and delivered so that users understand risks addressed and limitations of the product.

For example, when navigating to a webpage or downloading a file, a warning message may pop up. Does the warning convey the information properly so that users understand that, if they proceed, the cybersecurity product might not be able to protect them? Do they understand why they are getting that message in the first place? Proper application of Human Factors tools and knowledge can ensure the answer to both questions is yes.

Figure 1: Warning received when visiting a potentially unsafe site

Corporate Cybersecurity UX/HF Considerations

In summary, Human Factors and UX play a critical role in keeping things secure from the cloud to the core to the edge. As employees become more direct users of every level of business platforms, elements of the technology and biases they bring to the table are critical to ensuring the success of a security program. User Awareness of issues, steps to take to protect themselves and corporate interests, and ensuring user compliance all lead to minimizing human error. This ensures that the hard work of security program managers and implementation teams does not go to waste.