
“They Click too Much”: Revisiting User-Centered Cybersecurity in 2021

Human Stressors 101

Your business depends on people. Humans drive it with strengths and weaknesses, emotions, and motivations. They’re both rational and irrational, often both at the same time. Research indicates that people actively seek out individuals who are similar to themselves, and they are more comfortable when they feel appreciated…


Paging Dr. Dumbass

Healthcare organizations provide a helpful example. The demands placed on technical professionals are extraordinarily high, and with human lives on the line, the stakes couldn’t be any higher. Within this high-tension environment, when a user clicks the wrong email or intentionally visits a questionable website, the response is often swift and negative… 


Shadow I.T. Is Your Friend

Security-aware users can be your primary source of intelligence. “Shadow I.T.” refers to users who find technological workarounds to problems that prevent them from doing their jobs… 


The Enemy of My Enemy

Users are not your adversaries. Just as your customers are not your adversaries, your organization needs end-users to survive. If they are properly equipped, your users can become your best line of defense against hackers. Users who are trained to identify threats are likely to spot an attacker’s presence before a technological solution could indicate a compromise… 


The Actual Target: Money

Users are not the target. For the hacker, they’re simply a means to an end. Attackers aim for financial gain, and they see minimal profit in someone’s identity or personal wealth. Attackers use individuals as a proxy to access organizational data…


It’s not your fault, Will. 

Users are not at fault. The malicious actors behind cyberattacks work against the best interests of the users and the organization. Blaming a user is no different from pointing the finger at a family for having their house burgled. Although that family may have left their front door open, it’s unlikely that they intended to have their possessions stolen…


They Can’t Be Trusted

These issues are amplified in geographically dispersed organizations. Picture the bank with twenty branch locations, the healthcare system with ten critical care locations, or the manufacturer with overseas production. These organizations must customize their security controls to be effective in the place they will be used…


Don’t Blame I.T. Either 

Lastly, this article may place more of the blame than necessary on the technical professional. Like users, they have an impact throughout the organization, but they’re motivated by their own personal job responsibilities. These technology professionals are often trying to do their jobs despite a severe lack of funding and support from executive management… 


The Solution: User-Centric Security 

What are your users trying to get done? Start there. When a security program fails to incorporate user accessibility, it pits the user against the organization’s goals. When your security resources and business resources are working in competition, you’re not maximizing business output. A well-implemented user-centered security program will involve users in all aspects of the design. Security professionals will check their judgment at the door and build security around the larger organizational goals…