What’s the best way to make a computer secure? Unplug it from the internet, turn it off, and put it back in the box. True though that may be, forcing your entire team to shut down their laptops and lock them away is unlikely to be great for their productivity levels. Like many jokes, though, there is a grain of truth. Yes, we could maximise the security of all our devices but if, in doing so, we make them unusable, then any security benefits are pointless.
Instead of getting in the way of users doing their work, good security should support and enable your business; adding benefits without slowing things down or adding costs. But how is that possible?
Making security usable
Many people see security and usability as two opposing ends of a scale; thinking that as you increase one, you decrease the other. However, this model encourages us to think of measures which are excellent at improving security in theory (such as long, complex passwords) but which have little to no impact on, or even damage security, in practice (e.g. users re-using passwords across different services).
Presented with two equally straightforward ways of completing the same tasks, one more secure than the other, users will generally make the right choice. However, if the secure way is not usable (e.g. too complex, time-consuming, or stops the user from doing what they want) then people will usually find their own solution. The users’ own solution will get the job done, but will it be secure?
In the past, users have been punished for finding their own solutions to problems like this. Now, we realise this is the wrong approach. After all, if the security team’s approved procedures mean that work grinds to a halt, are users really wrong to look for alternative options?
So, how can we help users to work securely?
It isn’t always easy to make security usable, as anyone who has ever attempted to use email encryption will attest. Your security and IT support teams may have to do some work to make things simple for your users but, nevertheless, here are some things you might want to consider:
Secure by default
When you’re buying or sourcing new technology, aim for systems and devices where the most obvious way to use them is also the most secure. Most new smartphones, for example, are encrypted by default, which makes them much more secure.
Take the strain
Find ways to take the effort of making things secure away from your users, and make their lives easier. Allowing your users to use a recommended, secure password manager, for example, will make it much easier for them to choose – and use – a strong password.
Make it practical
There’s no point at all in having pages and pages of security procedures in a big manual that none of your employees have time to read. Instead, keep it simple, talk to your team, and find out what measures you can put in place that will both improve security and make your company run more smoothly.
Advice and support
If, though, you don’t have the time, knowledge, or expertise to put all of this into practice yourself, our experienced Glasgow IT Support staff can help. Contact us today.