Why User Design + Cybersecurity?
This is not a combination that is normally seen together. The professionals are usually not in the same meetings. Why is this?
I asked the trendy ChatGPT about this and got the following response:
“User-designed cybersecurity refers to the process of individuals or organizations taking proactive measures to protect their computer systems, networks, and data from cyber threats and attacks. This includes implementing various security measures such as firewalls, antivirus software, encryption, strong passwords, and regularly updating software and systems to address vulnerabilities.
In user-designed cybersecurity, users take ownership of their security by understanding the risks and taking steps to mitigate them. This differs from relying solely on technology or relying on a third-party service provider to take care of security.
It's important to note that user-designed cybersecurity is not a one-time effort but a continuous process of assessment, implementation, and improvement of security measures. Regularly educating users about potential threats and how to avoid them, as well as staying informed about the latest trends in cybercrime and updates in security technology, can help keep a system secure.
In summary, user-designed cybersecurity involves users taking a proactive approach to protect their systems and data from cyber threats by implementing security measures, staying informed and educated, and continuously assessing and improving their security posture.”
I don’t agree with all the points. This is because there are a variety of different topics mushed into one big one. This causes problems. It caused problems before AI would write something up.
How many times are the right people in the room? Who are the right people?
Well, that is why we started On The Terrace Tech. We are two women in tech who only figured out that we needed to be in the same meetings by chance — time and time again, we found ourselves dropping the sister hat and putting on advisor hats for each other. Beth once casually mentioned she was getting ready to do research in Australia for the first time and Jo put on her cybersecurity hat to help Beth not break the law, because she had no idea at that time that Sydney had much more stringent data collection rules than she had imagined. It works both ways — we discuss lots of hypothetical scenarios to elicit a response to a problem from work.
I once explained that if you apply cybersecurity after something is already built, you are essentially just wrapping a blanket around it and calling it secure. I am all for sitting on the couch wrapped in a blanket to feel better, but that is simply emotional security and not actual physical security.
About two months ago, I asked my sister if she was ready to use the password manager. She said, “2023 - yes. Right now - no.” This was a back and forth for a long time, during which I did not realize that you cannot just ask someone to use a tool because it is secure. I live in the cybersecurity world where anything that makes things a bit more secure is better. EXCEPT, it is not when you are trying to use something that does not make sense to you and are most likely making things less secure…yeah, that hit me hard. It hit me hard because I want everyone to be secure and safe and I can’t do that if they are not ready to accept that new responsibility in their routines. Think of this like growing up in a neighborhood where you locked your door all of the time, or maybe it locked automatically, and then you moved to the middle of nowhere and did not need to lock your door because literally no one just stops on by. You still lock your door because it keeps your possessions safe, because you never had your possessions stolen when you locked your door. Now, flip that scenario - have you ever had your possessions not stolen when you did not lock your door? Everyone has a different combination of experiences that change how they take on new technologies and tools. This is where design is VITAL to the success of cybersecurity.
One of the very valid reasons Beth hadn’t adopted a password manager was that she had done a round of research and talked to a lot of people about how they kept their most important documents secure. LastPass seemed like a good idea, but people didn’t know how to get everything in there — and it didn’t feel safe to have all of their passwords in one place. It turns out the users had two big insights: It wasn’t safe to keep all your passwords in this particular place — and it failed in design — lots of super smart people couldn’t make the tool work with their lives.
Users cannot magically adopt technology and tools when they are not created and tested to be user-friendly. SO, how do we make that happen?
One of Beth’s favorite things she learned while helping me study for an exam was that the user is always the weakest point in a security system. If you don’t secure the user, you don’t have a secure system. This made her think it was time to ask more questions at work about user-centered infrastructure instead of thinking this was someone else’s job. It’s imperative we design systems that allow people to understand how security is important to them and make clear they have a role — and power — in their own privacy and protection.
But, as I learned with Beth, we can’t just hand people password managers, antivirus tools, and VPNs to turn them into a cybersecurity militia. All of this needs to work with their real lives, real knowledge bandwidths, and be relatable — or we all risk just spending a lot of money and effort on security that can check a requirements box, but doesn’t actually work.
We are here to help you with implementing a security-by-design approach in everything from basic password management to the trickiest part of your system, the users, so you can know your investments and efforts are going to stick — and, hopefully, change your security culture from “it is a problem for the IT department” to a daily effort from every user.