This is Too Hard
If users are frustrated by security controls or policies, it’s probably because they see these policies as a hindrance to the execution of their job responsibilities. It’s no secret that highly technical people are less likely to consider the user experience (UX) when designing systems. I’ve been guilty of this myself. We can learn from UX design when designing security controls. Good UX enables the workflow by eliminating stumbling blocks and choosing good defaults, among other things. But security does almost the opposite, right?
If you want to send sensitive information, the e-mail should be encrypted. This means:
A. Recognizing when encryption is necessary (uh oh, decision is left in user’s hands).
B. Remembering to toggle the “on” switch for encryption.
Passwords are another recurring hurdle for users. They must be updated every X days and several issues arise:
When a password expires, access is blocked until the password is updated.
The password must meet several requirements: length, upper- or lowercase, numbers or symbols.
Oh, and 10 prior passwords cannot be repeated!
What do users really think when they see that “password expires in 10 days” reminder?
Unfortunately, there aren’t many ways to simplify existing tech security controls and procedures. But, creating a feedback loop can make the process more palatable for users. Provide guidance, ask for feedback. Let them know to ask for help when a security feature is impeding their workflow. This should create a feedback loop that informs future training content, makes the process easier, or eliminates what isn’t necessary.
Add a “Was this helpful?” form to each online help page.
Develop a semi-annual survey.
Provide a survey link to a specific set of instructional technology guidelines.
Review the feedback, implement improvements as time permits, and then let your users know about it. The feedback loop will continue as long as users see their feedback affecting change.
And don’t forget to let your vendors know what you’d like them to change. They need the feedback loop as well!