Striking the balance between digital security and usability

Rick Goud, Chief Information Officer at Zivver, discusses the importance of becoming a digital enabler through implementing accessible and user-friendly security solutions

Surely, you can’t have it all…well, actually you can. The common misconception among organisations is that digital security is complex as well as inaccessible, and it requires too many changes in the way that employees work. But, in search of the right trade-off between security and usability, a fundamental concept has been overlooked. Ultimately, it is increased usability that promotes increased security. Usability should not be equated with simplicity in technology. Easy-to-use security solutions that are intuitive and seamlessly embedded into everyday working lives, will enable the non-tech-savvy employees to participate in cybersecurity efforts. Without clear-cut, manageable measures, the end result will be low adoption rates among employees, in turn, making security risks far more probable.

Usability interlinked to adoption rates

Usability has a direct impact on adoption rates – if something is confusing or difficult to use fewer people will utilise it. The problem is that low adoption rates can be a real inhibitor to the success of a security initiative. Essentially, if employees are not operating a service to its full capacity, then it does not matter how much has been spent on the technology. Technology is one thing, but it only becomes beneficial when individuals apply it in a meaningful way. A key issue with many inbuilt security systems from email providers or supplementary applications is that data protection can only be achieved through behavioural changes or additional user actions. For us, we believe that the problem largely stems from this. The 21st-century employee is not only extremely busy, but they are also people of habit and often like to follow specific routines. Therefore, forced changes in working behaviour may seem unnatural to workers whilst additional user actions could be too time-consuming.

For instance, on Outlook the only way to encrypt an outbound email is by following a manual three-step approach. On some systems, we also find that recipients are required to create an account and log onto a separate portal. In this sense, we increase barriers rather than lower them and largely disincentivise adoption. Who is going to remember to activate these systems every time they send an email? Combined with this, we often see solutions interfering with employee workflow. Pop-ups, which are common on many security platforms, are very distracting for individuals and they can even become frustrating. With this in mind, it is understandable that security is not at the top of employee priority lists.

The harm caused by poor usability and low adoption rates

The importance of striking a balance between usability and security cannot be overstated. Without an effective and easy-to-use platform, the first concern is that data breaches are more likely. Sensitive information can be leaked either through human error internally or external threats. Organisations are then met with problems ranging from financial and legal implications to reputational damage, to name just a few.

The educational aspect of security is also lost. Higher adoption rates, due to a more usable platform, can serve the functionality of increasing employee understanding and awareness of security-related issues and encourage people to remain alert to threats. Organisations can also invest substantial amounts into IT budgets, particularly as the world becomes more digitalised. However, a platform with poor usability means that technology becomes irrelevant and underused. As mentioned above, low adoption rates make it even more likely for data breaches to occur, ultimately costing your company even more.

Becoming an Enabler: Striking the balance

It all comes down to being an enabler. It is about ensuring that technology is security compliant, integrated into the existing way of working, that it is familiar, intuitive, and recognisable for the people using it as well as intelligent in helping people make better decisions. Embracing usability and security should go hand in hand. They are not opposing ideas, but rather complementary terms that need to be fully embraced by the working community. From increasing employee productivity to instilling confidence in company operations, it is safe to say that engaging with a usable system has multiple benefits.