Usability in Security

December 18, 2019 John Janek

Increase your security with a healthy dose of usability

How often have you spent precious time typing information into a form online only to be confused by validation warnings, confounded by instructions, or blocked by drop-downs that obscured something you needed to see? And when you finally do get all the data in just the right places, in just the right format, you hover over the “Submit” button just long enough to think, where does all this go? 

If that reads like a familiar story, you've experienced an interesting intersection of design and security. Although security isn't the first thing that comes to mind when you think about usability and experience, it may just be the one that determines how likely you are to click submit. When you click that button at the bottom of the form, you're trusting the receiving party to manage that data responsibly.

Trust—in delivery, security, and experience—was the message of our recent collaborative session with Molly Moran. Molly is faculty at Miami University’s Armstrong Interactive Media Studies program where she teaches design and innovation. Her previous roles include managing the Department of State’s extensive embassy website program and leading the Secretary’s Office of Research and Design. We asked Molly to join us to help cap off National Cybersecurity Awareness Month. Her great storytelling from a deep background of national security and design experience delivered some powerful insights.

Molly highlights two simple and effective goals when dealing with security and usability. These two goals can help build trust in digital transformation efforts and are grounded in years of experience working on design and digital transformation.

1) Design digital forms to look and feel like their paper counterparts

Humans are driven by outliers. The more something differs from what we expect, the more we notice the difference and the more likely we are to be distracted by it. And we know distractions set the stage for incidents, unintended, malicious, and otherwise. One of the simplest ways to reduce outlier distraction is to take what already exists and move it to a digital format.

The downside, of course, is that most of the time this type of move ends up being just a fillable PDF. That isn't really the point. Take the opportunity of moving to a digital environment to create databases and data-driven environments. When creating the front end, however, strive to keep the workflow as close as possible to the original paper forms or manual process. This will reduce the tendency to focus on what's different and channel that energy into making sure the entered data is correct.

2) Communicate who has access to the data and how it is used

Simplicity is critical. People are more likely to share when they know where and how information is being used. For example, Google Docs does a great job of showing, in a simple-to-use dialog, who has access to your information. It also holds extensive audit trails showing what was done with that information. It's more than the government-mandated "purposes of collection" statement that we've all grown accustomed to.

Be transparent with data: tell anyone contributing to a data set or database, in plain language, who will manage their information and what that information will be used for. If possible, give them the opportunity to see who has accessed and used their information, and for what purpose. You'll build trust and increase the likelihood of quality data being entered into your system.

Trust is necessary in any exchange of data and information. The higher the trust, the more likely you are to get the right information, the right way, the first time. You can assess how people interact with your apps and the security of the information being entrusted to you by adding these two goals to your processes.