Usability and Security
Humans make mistakes. Some of these are simple errors, like a typo or misdialed phone number. Sometimes these lapses in judgement are based on erroneous internal cost/benefit analyses. In terms of cybersecurity, both of these types of mistakes increase risk. We’ve been doing some serious thinking and research about ways our products can reduce this risk, especially in terms of customer experience and ease-of-use.
According to a Ponemon Institute survey of CISOs and information professionals*, one of their biggest concerns was staff mistakes increasing cybersecurity risk. 54% of those same professionals feared they wouldn’t be able to reduce the employee negligence that increased risk.
They have a right to be worried. In a Biscom survey of professionals across twenty industries, 75% of respondents admitted to sending private, protected, or confidential data via insecure methods, most using email (learn more about our survey results).
These professionals had security training. They also had the tools to securely send that private data. Why did they make that choice? In their cost/benefit analysis, the time saved using email versus available secure tools was worth the risk. Given that they said it took them an average of six minutes to send information securely (versus less than a minute with email), it’s almost understandable. If you do the math, for someone sending four messages per day that’s over eight hours a month and more than 104 hours a year. It’s clear why ease of use will win almost every time.
Usability isn’t a luxury; rather, it’s a key feature impacting security through user adoption. It can’t be overlooked in designing security products used by employees and relied on to protect private business data. This is a lesson we are applying to our products.
A little over a week ago we launched our newest product, Biscom Transit. We identified the need for simplicity and ease-of-use and focused on designing a product that required no training and was as familiar as email. (You can see this in the screenshot below.) We wanted secure messaging to take seconds, not minutes. Our initial users have found it’s easy to be secure. We’re continuing these efforts towards usability for end-users as we upgrade all our secure delivery tools.
While Biscom can’t alleviate all the risks of employee negligence that keep CISOs and other security leaders up at night, we can reduce the risk of employees choosing less secure options because they are easier. When usability and ease-of-use are considered security features, they increase user adoption and help employees make the right choice. And that keeps your confidential and private information safe.
* In a survey sponsored by Opus, the Ponemon Institute asked 612 CISOs and information security professionals about their biggest cybersecurity worries for 2018.