Security and User Experience: Best of Friends

Dynamics 365 Business Central

By Steve Le Monnier, 02 February 2021

Information security is a big concern, not only for regulators but also for the many people who regularly use online services to complete tasks - from day-to-day interactions to more complex activities that might involve financial transactions or sensitive personal data.

 

Steve Le Monnier discusses the relationship between security and user experience, and how the latter can be very much enhanced by the former.

 

 

Security isn’t an option

 

Phishing. Ransomware. Malware. Trojans. Data manipulation. Personal data theft.

 

One would be forgiven for believing that online experiences in 2020 are straight out the wild west, with everyone taking significant risks every time they open the laptop or swipe upwards on their phone. But that’s not the case. Many people are moving significant chunks of their lives and their personal data into digital spaces and, while attacks happen and sensitive data occasionally falls into the wrong hands, these are relatively rare cases. And that’s due to security being taken very seriously by many development and programming professionals, with high standards and excellent practice being carefully considered from the outset of every project. For them, and for us, security isn’t an option - it’s a key part of every foundation.

 

 

Interface, usability, security

 

Some will be familiar with the term Human Computer Interaction and Security (HCISec), the study of interactions between people and computers specifically relating to security. Without delving into the academic detail, this area of study reveals some key insights that might seem obvious, but often fall by the wayside.

 

Firstly, problems relating to both user experience and security often share several familiar features:

 

  1. Security elements were added as an afterthought rather than being by design.
  2. Interface designers and programmers aren’t usability experts or lack the knowledge required to create strong, deeply embedded security foundations.
  3. Security features are added hastily, without detailed planning - often due to a trigger event or a sudden change of legislation.

 

These issues can be solved or avoided by adhering to basic principles of design, security and usability; principles that technical consultants with extensive experience apply day-in, day-out:

 

  1. Plan ahead and don’t underestimate the time required to successfully complete a project’s discovery phase. This is when security and user journeys should be fully understood and mapped out, becoming the bedrock of the website, system or application being developed.
  2. Keep it simple. Often the most obvious yet difficult principle, simplicity requires discipline and a willingness to strip features back to the absolute usable minimum.
  3. Focus on quality and be consistent in the application of that quality, reinforcing trust and positive perceptions at every touchpoint.
  4. Remember that the interface is ultimately a human one. Keep human motives and aims in mind at every stage.

 

 

A shining example

 

Organisations such as the Jersey Office of the Information Commissioner (JOIC) are the gatekeepers of data protection, with a responsibility to demonstrate best practice in information security while continually improving the privacy and information rights of individuals in Jersey. Their system and online portal must be highly secure but, with many individuals and organisations using the JOIC’s online services daily, the platform must also be highly usable.

 

Practically, this means combining custom development and encryption techniques with best-in-class CRM and accounting software, embedding secure data transmission in the foundations of the platform. The result is a seamless online experience, with relevant data securely accessible to all. JOIC clients also benefit from the JOIC team’s ability to handle enquiries and complaints with ease, using a system that provides the right customer relationship tools within a highly secure, trustworthy environment.

 

 

Regulation doesn’t mean restriction

 

For many businesses, data security is intricately linked to regulation. GDPR and data protection are clear examples. But regulation doesn’t necessarily need to mean restriction; it can instead be an opportunity to improve processes, apply best practices and be creative with customer experience. Continuing with the GDPR example; factors such as cookie consent messages, data collection transparency and opt-in options can all be opportunities for website and system owners to take a step back and review how their customers view and use the website or system. In this sense, regulation can be seen as a guiding hand pointing to good practice, rather than a battering ram forcing change on resistant organisations.

 

 

Enhance experience and build trust

 

Ultimately, successful user experience is about building trust in an organisation and, more specifically, its ability to efficiently and safely interact with its customers. Well designed interfaces and strong usability are vital, but the resulting impact on customer confidence, comfort and security has a far more powerful effect on organisational performance. Security and user experience can be best friends and, when combined effectively, can lead to tangible business benefits.

 

Get in touch

If you’re looking to improve your business by providing your customers with a highly secure, smooth user experience, we might be the partner you’re looking for. Get in touch with Steve Le Monnier on 01534 780183 or email stevelem@corefocus.co.uk, and we’d be delighted