Security is an interesting issue for the digital age, because it takes so many forms and can be handled in so many different ways. Almost every device, app, and piece of software is going to have vulnerabilities, and most reputable businesses make it a top priority to minimize those vulnerabilities.
Better By Design
The conventional and intuitive way to deal with this is to improve the architecture of your products. For software, this means scouring the code for exploitable weaknesses that a cybercriminal could tap into. It also means releasing frequent updates to keep up with the latest standards and guard against known threats.
But this approach can only get you so far. It neglects the fact that the majority of cybersecurity breaches are the result of human error—up to 95 percent of them, actually. No matter how well you program your hardware and software, if a customer leaves their password on a sticky note next to their computer, they could feasibly be the target of a digital crime. Even if your smartphone can be locked with multiple different passwords, it won’t matter unless customers are actually using that feature.
The Prospect of Design
So what’s the solution here? You’ll never be able to guard against all forms of human error, but what you can do is improve your design so it naturally encourages your users to adopt more secure best practices when using your devices and software.
These are some of the best ways to do it:
1. Password feedback. Passwords are notoriously easy to guess. Millions of people still use basic passwords like “password” or variant number sequences like “123456.” The best passwords are ones with lowercase and uppercase letters, numbers, symbols, and of course, lots of characters. You can help your customers develop better passwords by giving them instant feedback on their passwords as they create them. Make active recommendations, and don’t let them sign up with something weak.
2. Automatic logouts. Most secure systems already offer this, but it’s a basic design feature that bears repeating. If your software requires any kind of login, it should be designed to automatically log your customers out after a specific period of time. For highly sensitive apps, like those offered by banks, this period should be a few minutes. For others, it could mean hours or days.
3. Password change visibility. Even a strong password isn’t a guarantee that you won’t be hacked or compromised. You should be changing your password regularly—and most customers aren’t doing it. Your design can persuade customers to take this action more frequently by making the password change feature more prominent and easy to pursue.
4. Reminders and notes. Your app should also be capable of monitoring certain user activities and showing reminders or notes that prompt users away from mistakes. For example, you might caution your users against opening attachments from unfamiliar senders in an email app, or remind them that they haven’t yet enabled two-factor authentication for heightened security.
5. Best practice guides. Some customers simply aren’t familiar with best practices for cybersecurity. If that’s the case, it should be your responsibility to make them familiar. Include a guide to security best practices on your site, and advertise it via email or social media. This should include tips on how to avoid phishing schemes, information on how most cyber breaches occur, and the importance of operating on a secure network (among many other tips).
6. Visual illustrations. Your written guide may be helpful to some users, but if you want fuller adoption, you’ll need to illustrate those tips in some visual format throughout your app. For example, you could show users a popup graph that explains how the bulk of cybercrimes are committed, or provide a visual tutorial on how to reset a password.
7. Signature visual branding elements. You can also reduce the number of phishing schemes your customers fall for by presenting more signature visual branding elements. This can help your customers distinguish between individuals masquerading as your brand and the “real deal.” It also has the added bonus of making your brand more readily identifiable, and could help in your marketing initiatives. While you’re at it, be sure to tell users that your brand will never ask them for their passwords directly.
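The password feedback described in item 1 can be sketched as follows. This is an added example, not code from the article; the deny-list, the 12-character minimum, the all-criteria pass rule and the element ids are assumptions.

```javascript
// Added example. The deny-list is constructed; production lists are far larger.
const COMMON_PASSWORDS = new Set(["password", "123456", "12345678", "qwerty", "letmein"]);
const MIN_LENGTH = 12; // assumption: the article only asks for "lots of characters"

// One entry per character class the article names, with the hint shown when it is missing.
const CLASS_CHECKS = [
  [/[a-z]/, "Add a lowercase letter."],
  [/[A-Z]/, "Add an uppercase letter."],
  [/[0-9]/, "Add a number."],
  [/[^A-Za-z0-9]/, "Add a symbol."],
];

// Returns { ok, score, suggestions }; score runs from 0 (reject) to 5 (all criteria met).
function passwordFeedback(candidate) {
  const pw = String(candidate);
  // Known-common passwords are rejected outright, regardless of letter case.
  if (COMMON_PASSWORDS.has(pw.toLowerCase())) {
    return { ok: false, score: 0, suggestions: ["This is one of the most commonly used passwords. Pick something else."] };
  }
  let score = 0;
  const suggestions = [];
  for (const [pattern, hint] of CLASS_CHECKS) {
    if (pattern.test(pw)) score += 1;
    else suggestions.push(hint);
  }
  if (pw.length >= MIN_LENGTH) score += 1;
  else suggestions.push(`Use at least ${MIN_LENGTH} characters (you have ${pw.length}).`);
  // Policy of this example: sign-up is allowed only when nothing is left to fix.
  return { ok: suggestions.length === 0, score, suggestions };
}

// Browser wiring (hypothetical element ids): update hints on every keystroke
// and keep the submit button disabled until the password passes.
if (typeof document !== "undefined") {
  const input = document.getElementById("new-password");
  const hints = document.getElementById("password-hints");
  const submit = document.getElementById("signup-submit");
  input.addEventListener("input", () => {
    const result = passwordFeedback(input.value);
    hints.textContent = result.suggestions.join(" ");
    submit.disabled = !result.ok;
  });
}
```

The same function should also run on the server at sign-up, since a check that exists only in the browser can be bypassed.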
Will these design elements keep all your customers safe no matter what? No. There’s no such thing as an “unhackable” technology—even among our most advanced hypothetical prospects. There will always be security vulnerabilities, and there will always be customers prone to making mistakes. All you can do is improve your design, and hope that it significantly reduces the number of incidents with your device.