Home » Topics » Cybersecurity » Should ease of use always trump security?

Should ease of use always trump security?

Avatar photoby Ben Rossi

The rapid evolution of computing devices has enabled 24/7 access to information and services almost everywhere. However, the abundance of technology has introduced a wealth of data security concerns that need to be addressed.

The problem is that security measures impact the usefulness of data; too much will make systems unusable, while too little will make it too risky to use. A fine balance between the two is needed, but what does this look like?

Chasing the ideal

A good example of this balance can be seen in contactless bank cards, which enable users to pay up to £20 by simply tapping them against a reader without the need for a PIN or signature.

>See also: Cyber security: the solutions aren't working?

The security measures in place are twofold. First, the maximum payment limit prevents criminals from spending huge amounts if you lose your card. And second, banks have made it easier to cancel a bank card and reimburse any money if it is stolen. 

The security aspects of contactless bank cards haven’t stood in the way of making them useable and their popularity is growing day by day.

Balancing act for businesses

So what can businesses learn from innovations like these? To properly decide what safeguards are needed, we need to understand that business data is incredibly valuable – a lost file could result in competitors stealing intellectual property, or the records of millions of customers being made public. For others, it can be a matter of national security.

The most security conscious organisations have authentication processes involving rigorous physical and electronic checkpoints which can take several minutes to get through.

This means that even a simple toilet break can result in a significant amount of offline time. This is one extreme of the security spectrum – for the most secret data, it is warranted.

Placed in a business context, often these types of controls would be totally unreasonable. Yet at the same time, organisations can’t leave the door wide open. 

Don’t have it if you don’t need it

To strike the balance between security and usability, businesses need to implement solutions that support the way that we work. 

To do this, businesses should look at what data each user requires access to and only grant it to those files and directories. For example, an HR department wouldn’t necessarily need to use a customer data base so they shouldn’t be automatically granted access to it. 

Nor should data be allowed to be stored on unlicensed devices. This will alleviate the risk of file loss without affecting how those workers that actually need the data work.

Encryption for all

Controlling access is only one step. As pessimistic as it sounds, a data breach on any organisation is, given time, certain to happen.

Businesses need to take a fatalistic stance when it comes to security – they should assume that they have already been breached and assess their options accordingly.

Key to this is data encryption, which will make any stolen data unusable by an unauthorised user. This is perhaps one of the most effective security measures organisations can take, as even if an intruder accesses a company’s data, they can’t do anything with it.

The importance of encryption can’t be understated. The Information Commissioner’s Office has been promoting the need for data encryption across the board, clamping down increasingly hard on organisations that are found not to use it effectively – or at all. 

A lesson in security

Regardless of the measures an organisation takes, the weakest link will nearly always be the human factor. Consequently, it’s more important than ever that employees are educated about the risks that they take when using sensitive data.

At a minimum, employees should learn basic security measures, ranging from choosing strong passwords to best practice when handling data or working on a mobile device.

>See also: Cyber security guide to the 10 most disruptive enterprise technologies

In addition, companies should take the time to inform employees about everyday security risks. For example, there are several different phishing scams doing the rounds which are all engineered to extract valuable data.

Informing employees about some of the tell-tale signs of phishing scams to look out for are a simple step to avoiding catastrophe.

Ultimately, it comes down to the security department staying on top of the latest security threats, and sharing that information throughout the organisation.

Achieving the balancing act

Security measures do not need to be overly complicated. Business-level security does not need to obstruct usability, but that is not to say that it shouldn’t exist altogether.

The best way to assess organisations’ security needs is ultimately to assume that they have already suffered a data breach and implement measures accordingly.

Overcomplicating security will only obstruct workflows, but measures like data encryption, correct access privileges and worker education are all ways of striking the fine balance between usability and security.

 

Sourced from Chris McIntosh, CEO, ViaSat UK

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data
Data Breach

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise