With such precision focus on cyber security among businesses over the past several years, it’s understandable that many are taking security to a new level. But what happens when passwords, authentication, and other methods become too cumbersome? Can there actually be such a thing as too much security – or should businesses always err on the side of caution?
With cyber security issues plaguing businesses of all kinds, it’s no wonder IT experts are on the defensive when it comes to protecting their customers’data. But can it go too far?
Banks, retailers, or any other type of service have a responsibility to make sure their users’ information is safe.
Unfortunately, sometimes they go too far and make the experience painful. Such as having to change passwords so often that users never remember them. Or two-factor security that doesn’t always work. Even forced to use characters so complex the password can’t possibly be recalled. There is such a thing as too much security.
How can businesses and organizations maintain a balance between necessary, responsible security, while still making services usable for everyone?
Cyber Security Tactics and Techniques
For the past decade, businesses have been told their security measures need to be more robust to defend themselves against cyber crime. If they’re protecting consumer data such as credit cards, it naturally follows that the information should be protected with more than just a password.
After all, hackers are creating new ways to attack information all the time.
As a result, businesses and organizations regularly use some or all of the following techniques:
· Two-factor authentication
· Biometric security
· Passwords that require special characters and other rules
· Security questions
Unfortunately, these techniques can sometimes have the opposite effect of what’s intended. Research conducted by Microsoft in 2014 found that the majority of passwords created by users are too weak, and that asking them to create a password with a host of special characters may not be any more secure.
Instead, the research says businesses should use cryptographic methods to protect users’ passwords. This is in place of simply pushing all effort onto the user. This is all the more important considering most users still choose weaker passwords. Despite so much public education on the issue.
Information Assurance Comes with a Price
According to McKinsey research, users have to remember 14 passwords on average, and “increasingly complain” about the inefficiency and complexity of the experience. And at the same time, consumer perceptions of security have gone down.
Additionally, the research found that businesses that deliver a good digital experience and keep users’ data safe will see a boost in customer satisfaction scores. Providing a smooth authentication service means calls from customers go down and profits go up. For example, password-reset inquiries can cost up to $20 million a year for larger businesses.
While it’s clear that businesses should always be aiming to make their services as secure as possible, it’s best to design these systems with the customers’ experience in mind.
What Can Organizations Do?
Solving this problem requires balancing security and convenience. Many businesses may find they will be increasingly dealing with consumers who want access to a wider range of security measures, while many simply want to access their information using just one password.
Kaspersky research has found that 29 percent of respondents believe that no precautions are needed when buying something online, as they assume websites are already protected.
Allowing for the customization of security methods can provide the best of both worlds. A securely protecting data with multiple layers of security for those who need it. As well as providing a seamless experience for those who don’t want to go through multiple layers of security.
Ultimately, specific methods will differ from business to business. But the message is clear; when it comes to security, you need to put your customers’experience first.
How do you think organizations’ can improve their cyber security without comprising the customer experience?
You can help organizations overcome this challenge with an advanced cyber security education. Explore the degree options available and invest in a lucrative, long-term career.