Do your employees skip cybersecurity protocols often? Do they frequently get hacked despite attending numerous training sessions? The problem might not be just them. It could be that the security controls are too stringent for the staff to follow on a daily basis. Remember, the rules and regulations are in place to ward off attackers, not the users. In this article at Dark Reading, Samuel Greengard shares how corporate security controls could be more user-friendly for end-users while still blocking hackers.
Security Controls: How to Go About It
“Design and usability are pillars for strong security,” says Resilient Software Security founding partner Damilare Fagbemi. If you design the user interface according to users’ needs, you will find more acceptance of your corporate security controls. People use these interfaces for daily tasks like checking emails, websites, apps, physical paperwork, etc. But to get access to proprietary assets, employees go through two-factor authentication, carts, etc. Adding this layer of security restricts them in some ways. So, let’s find out how you can have more robust security controls without compromising the user experience.
Easy Design But With Security Controls
When developing a secure design for the end-users, you must have one thing in mind: it should frustrate the attackers, not your users. Amber Lindholm, Cisco’s head of design for Duo Security, insists on this concept. For instance, people will switch off the security controls if a system continually wants users for login credentials.
Design to Discourage the Bypass Culture
Make cybersecurity controls more intuitive. This will enable users to follow protocols more often. For instance, a password manager instantly informs what constitutes a good password with a red or green indicator each time it gets a character input. Informed users make better decisions. Repeat the process every time they change passwords because people tend not to change them often.
Information at the Right Time
People do not remember things as much as you expect them to. So, providing them with the relevant information when they need it can help them waste less time. For instance, the emailing system starts reminding the users when their password will expire through emails or system notifications days in advance. Do you want people to have better cybersecurity controls? Work on inculcating a behavior that aligns with the corporate security controls and culture.
To view the original article, please visit this link: https://www.darkreading.com/edge-articles/embracing-security-by-design-part-1-security-isn-t-a-pretty-picture
