You Are Not a Machine: Why Security Should Be Designed for the People Who Use It
Here’s a paradox. We have deep emotional connections to our phones. 94% of us described the feeling when we misplace our phone as “panicked,” “desperate,” “sick.” It’s our connection to the world, our personal assistant, and our teenage diary all wrapped up in one. This is probably why 49% of us say we’d be upset if our texts and messages were viewed by our significant others, someone we trust (or should trust) very deeply. If our phones are so close to our hearts, then, why is it that half of us don’t bother setting up a passcode on our phone?
Too often security is something that we have to work through rather than something that works with us. Which means we work around it. “I open my phone 30 times a day,” says Steve Kirsch, founder of a password management company, “why would I enter a four-digit code and subject myself to that agony? It’s wasted time and effort.”
It’s not just limited to mobile devices. Three quarters of us will forget at least one of our passwords this month, and will sometimes lose more than half an hour trying to get back into the application. Multiply that by the number of us working in a single office and that’s an enormous amount of time and effort wasted. Even when we protect our computers with passwords and firewalls, we sometimes trust the wrong people, click the wrong link, or work around something that gets in the way.
We aren’t scofflaws laughing our fool heads off at every patch we don’t download and application we don’t log out of. We have the best of intentions. We just want to do our best work without being slowed down.
Sometimes we screw up, and sometimes we get tricked, and sometimes someone watches us put the key under the front doormat. Most of the time it doesn’t catch up with us. But when it does, it catches up in a big way. Sony got caught with passwords like “password” and it cost them $100 million.
Even the most foolproof security suite doesn’t work when people work around it, and infosec fails the moment it forgets that people are the most important part of security.
We have to change the way we think about security usability.
For the past decade the minds here at Allure Security Technology have been working to shift the paradigm from focusing on protecting machines and data to protecting people. Cybersecurity is fundamentally the study of human behavior, so it makes sense to research how humans interact with security. What we’ve learned is that your relationship with your devices is as personal as you thought, and that real security comes from understanding both the sources of your real risks and human desire and curiosity.
We’re calling for security that recognizes you for who you are, respects that you have a job to do, and helps you do it. Security that doesn’t treat you as a risk to be monitored or categorize you as part of a group rather than seeing you as an individual.
What we’re talking about is security for people, not machines, and that’s the primary focus of this blog.
In upcoming posts we’ll explore the relationship between us and our devices, security usability, human behavior, privacy, and how security is fundamental to human creativity. We’ll also look at how cognitive computing has the potential to transform the way we live and work.
If you want to find out more, don’t be afraid to look us up here.
Originally published at www.alluresecurity.com.