Cybersecurity, User Interface and You
Updated: Aug 7, 2020
Cybersecurity isn’t what it used to be. Safeguarding the information of companies and customers used to be the sole concern for those in the IT security profession—but no longer. Now, the user experience must be considered, as well.
Digital is poised to pervade every facet of life not only because it makes living easier, but also because it’s fun—by design. Likewise, to do security right, companies have to ask not just whether it works, but also whether it’s user-friendly—simple to navigate, reliable and pleasurable to use.
To get there, cybersecurity professionals might ask what they can learn from other professions. That might require putting on not only thinking caps, but also, at various times, an artist’s beret, Sherlock Holmes’ deerstalker, a brigadier general’s helmet, a blackjack dealer’s visor. It might require a psychologist’s couch, a teacher’s yardstick and a coach’s whistle, as well. And that’s only the beginning.
A few examples:
—Meteorologists track weather systems and consider past events to forecast where those systems will go, how they’ll behave and what risks they pose. Other industries, including retail stores and Wall Street, use trend-tracking maps, as well, and no wonder. Providing an organized, big-picture view, maps are easy to understand. Should information security professionals do the same, using data-generated maps to assess where the next systems attack might come from, who might be targeted and the nature of the breach? This would give the user a useful “big-picture” look at security threats—past, present and future.
—The pharmaceutical industry uses RFID chips to track drug shipments, and law enforcement places them in certain medication bottles to capture thieves, giving customers an added measure of confidence and safety. What if company systems tagged data in a similar fashion, tracking it wherever it goes and allowing users to retrieve theirs—to snatch it back from hackers or even recall files sent in error? Not only would users know precisely where their information was going and who was viewing it—invaluable to law enforcement—but they’d have the power to erase it instantly, hopefully before it reaches the “darknet,” the Internet’s black market.
—Credit-card companies in Europe offer “smart cards” with debit, credit and phone-card features. If lost or stolen, these cards self-destruct after a number of failed attempts to access their data. Could corporate IT security departments program data to self-destruct when someone tries to view it on an unauthorized device? Like the best security measures, this feature would protect a user’s information automatically, with no effort on their part.
—The entertainment industry has already figured out how to transform the security experience. One group of popular theme parks has eschewed the cumbersome password in favor of colorful bracelets that identify their wearers with a swipe of the wrist, unlock hotel rooms, simplify purchases and make efficient and effective security more enjoyable to use.
Most people don’t want to think about breaches, identity theft or hackers. The risks users encounter every time they log on are very real, but users don’t want to be reminded of that. Taking a cue from other professions, can we consider our customers’ convenience and even their delight while keeping their information safe? How can IT professionals sugarcoat the security pill to sweeten the user experience?
—Produced by Dr. J.R. Reagan, global chief information security officer, Deloitte Touche Tohmatsu Limited, and originally published by Deloitte University Press.