From Security-as-a-Hindrance Towards User-Centred Cybersecurity Design

Abstract

Cybersecurity controls in the workplace are viewed by many people as a hindrance that results in wasted time. End-users often bypass controls to get their work done and because of this, even the technically most secure systems can become unsecured. One crucial reason for this could be a lack of attention paid to usability factors by the software development teams that de-sign controls. In this paper I investigate how to design cybersecurity controls in such a way that the user is more likely to behave in a secure manner when confronted with these controls. I put forward three practices that, when employed alongside each other, hold the promise to produce usable and effective cybersecurity controls.