The Longest Running Grudge in IT History: SECURITY VS. THE END USER!! Don’t Miss it!!
The push-pull dynamic between strong data security procedures and the poor souls known as end-users (and we’re all end-users, even IT service companies) has tended to result in the end-user bearing the brunt of it.
Isn’t that just the price you pay for keeping your business secure? So it would seem. In order to prevent other computers from hacking our systems, we – the employees, the customers – are forced to act like computers ourselves. Except we can’t.
The thing humans are great at? Avoiding things they don’t like. Who can remember a system-generated password – that nonsensical combination of symbols and letters and numbers – let alone hundreds of them? No one. The result is that almost no one uses computer-generated passwords when given a choice. They create easy-to-remember, obvious passwords that are ultimately easy to guess.
This is not to denigrate end-users (aka human beings). Far from it: end-users deserve a simple, seamless UX (user experience). The downside of not having one is decreased security. No matter what the procedure entails, it will at some point involve human interaction, and security procedures, above all, need to factor in the human element.
Consider Your Industry, Your Product, Your Users
Realistic expectations are a crucial piece of every threat assessment. Every business needs sound security procedures, but not every business requires an identical degree of security. For example, if you’re accessing your online retirement account, you’re probably willing, even relieved, to accept certain hurdles to accessing your information. On the other hand, if you’re trying to access a recipe in your meal planning app, and the process isn’t seamless, you’ll order takeout, and the meal planner will lose a customer.
Now, the meal planning app still needs high-quality data security procedures, but a threat assessment that factors in the end-user experience will consider which types of data are most vulnerable and where to establish protections, such as requiring the user to log in (authenticate). For example, the meal planning business might decide that browsing recipes is something customers prefer to do without the bother of a log-in. Their credit cards and other personal information obviously require stellar data security.
Make it Fun
Or at least not awful. Continuing with the authentication (log in) example, but switching from customers to employees, what if employees solved a simple math problem (that refreshes daily) in order to log in to a business application, such as a CMS? Maybe it’s an easy riddle or a meaningful sentence that hacking software can’t guess? Yes, it means more thought, and in a sense, keeping ahead of AI – but that’s just one of many things that mac-tech is here for.
In a recent article, we talked about the interrelationship between trust and data security. On the surface, paranoia would seem a better synonym for data security. That couldn’t be further from the truth. When it comes to your employees, take steps to assure them that they are trusted and valued.
Does this mean every employee has access to every bit of data your company owns? Far from it. You should delegate access according to what each employee must know in order to do their job. We recommend using security and workflows that don’t frustrate employees by opting to hide certain files and folders based on access rather than displaying them with lock symbols or the like. The former keeps their lack of access off employees’ “attention horizon”.
The same goes for complicated, but unavoidable, security procedures that employees must follow. Be sure they understand that these procedures are in place to protect the employee’s highly valued work, and you could even go so far as to acknowledge that they aren’t fun, and you’re always looking for ways to make them better, if possible. And then do it.
Issue Mobile Devices
We’re not going to make sweeping predictions about the future of work, but we will say that remote work, in some form, is not going away anytime soon. The safest thing you can do is issue remote devices to your employees and develop a smart mobile device management strategy. Many companies, even some larger ones, did not have time to sort that out during the height of the pandemic. No one is more sympathetic than mac-tech! Check out some of our experiences here.
Mobile device management is not only worth the investment, it’s far safer and far easier on your employees, your end-users.
And before you go, one final thought…hackers understand the value of end-user experience perhaps better than anyone. They test and refine until it’s perfect. Why? Because they are as dependent on your end-user as you are.