Security versus Usability


Whether it is a large corporation hit by a large ransomware demand or a regular user whose Facebook account has been hacked, cyber-attacks can and will happen to anyone. According to the Information Commissioner's Office (n.d.), there are a few things that can help keep you safer from online criminals:

·        Back up your data, keep the backup offline, and control who can access it

·        Use strong passwords, and use a different password for each system or account

·        When on public or shared Wi-Fi, make sure it is a secure and safe connection

·        Don’t open or respond to suspicious emails

·        Always install anti-virus or anti-malware protection and keep it up to date

·        Lock your screen when away from your system (this includes Kindles, tablets, cell phones, etc.)

·        Do not keep data longer than you need it

·        Dispose of old electronic devices securely; nearly all of the data on them can otherwise be recovered

That said, it is easy to go overboard applying security controls, either making systems so secure that no one can access them or driving users to bypass the security measures to regain usability. One example is that users have been known to bypass physical security measures when they become too intrusive or even faulty: employees prop open secure doors, completely circumventing the control, in some cases because the door lock or badge reader is defective. Password policy can be just as intrusive. Requiring extremely long passwords, short expiration periods, password history, or other rules that force the user to write the password down ends up compromising the system instead of securing it.

For this reason, there must be a defined line between system usability and system security. Forbes states that in order to properly understand usability, you must appreciate what users are trying to do and make it easier for them. When designing security, it is important to draw a thick red line around the things you are trying to keep people away from. You can then strike a balance between what users are trying to do, what the risks are, and what can go wrong (Surdhar, 2021).

Helios Solutions suggests using the security-by-design approach: adopting and integrating security at the beginning of the development process rather than at the end of it. This approach makes security part of the initial design instead of something added on later, avoiding costly bolt-on security measures (Helios Solutions, 2019). In any given environment, no single security factor outweighs another. Think of security like an onion: it should be applied in layers to create a full, secure solution that makes illegally accessing your information more difficult with each layer that is applied.


References

Information Commissioner's Office. (n.d.). 11 practical ways to keep your IT systems safe and secure. ICO. Retrieved May 10, 2022, from https://ico.org.uk/for-organisations/sme-web-hub/whats-new/blogs/11-practical-ways-to-keep-your-it-systems-safe-and-secure/

Helios Solutions. (2019, November 15). Security vs. usability: Finding the right balance in enterprise apps. Retrieved May 10, 2022, from https://www.heliossolutions.co/blog/usability-vs-security-finding-the-right-balance-in-enterprise-app-development/

Surdhar, P. (2021, January 8). Council post: How to achieve balance between cybersecurity and the user experience. Forbes. Retrieved May 10, 2022, from https://www.forbes.com/sites/forbestechcouncil/2020/05/26/how-to-achieve-balance-between-cybersecurity-and-the-user-experience/?sh=2dd5cb10ba7d