💾 Archived View for gmi.noulin.net › mobileNews › 6013.gmi captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
Melissa Luu-Van
April 28, 2016
Online security often focuses on technical details software, hardware,
vulnerabilities, and the like. But effective security is driven as much by
people as it is by technology. After all, the point is to protect the
consumers, employees, and partners who use our products.
The ways those people interact with technology and each other can completely
change the effectiveness of your security strategy. So security products and
tools must take into account the human context of the problems they re solving
and that requires empathy.
At Facebook, empathy helps us create solutions that work because they re
designed around our users experiences and well-being. Specifically, we see
three ways to include make security efforts more empathetic:
Consumer-driven goals that are actionable and specific
By researching the cultural and physical contexts in which people use your
products, you can define better, more precise goals for those products.
Engaging with your users on a regular basis through reporting tools built
into your product, online surveys, or focus groups, for example is a
necessary step for understanding, rather than assuming you know, their
challenges and needs.
For example, we recently asked several focus groups about their most important
security concerns on Facebook: What are they worried about? What would help
them feel safe? Overwhelmingly, people told us they wanted more control; simply
knowing that Facebook was working behind the scenes to protect their accounts
wasn t enough. We learned that many Facebook users were unaware of all the
security features we offer to add extra protection to their accounts but once
they learned about them, they were eager to use them. People also wanted to be
able to control these features and to see how each tool protects their
accounts. These findings told us two very important things about the security
features. First, they needed to be easier to find. Second, they needed to be
more visible and give people more control.
With that in mind, we created Security Checkup, a tool designed to make
Facebook s security controls more visible and easier to use. During early
testing and after our global launch, we asked people on Facebook about their
experience using the new tool. They told us they found Security Checkup useful
and helpful; the tool s completion rate quickly soared to over 90%. These
results are validating but not surprising, since we tailored Security Checkup
to what we ve learned about people s preferences and concerns.
Our primary goal has always been to protect the people who use Facebook, but
through our research we ve added the goal of helping people better protect
themselves wherever they are on the web. The security lessons our users learn
on Facebook could help them develop safer online habits such as using unique
passwords or checking app permissions that can be used on other sites, too.
Collaborative, cross-functional teams
Security is often approached as an engineering-led effort in which
cross-functional teams from research, design, or product are less important.
However, we ve found that disciplines besides engineering are just as critical
to the thought process and product development, because diversity of thought is
an important characteristic of empathy.
Cross-functional teams are particularly valuable for thinking through the
various experiences people may have with a product. Car manufacturers have done
this for years, adding seat belts and air bags to keep people safe even when a
vehicle performs outside its intended purpose (that is, during a high-speed
crash). The cars designs changed to make people s experiences safer by
default. Similarly, Facebook s security tools are built with the belief that
better product design leads to safer behavior. Many of our departments
collaborate for this purpose, including research, security, user experience,
marketing, product design, and communications.
Throughout various stages of the process, these teams convene to discuss
potential engineering, design, or security challenges; identify solutions; and
consider the impact any of these things might have on someone s overall
experience using our products. We believe this collective expertise helps us
avoid possible issues by addressing them early on in the development process.
For example, during early iterations of Security Checkup we realized that
simply drawing attention to our existing security features was interpreted by
some people as a warning or alert that something was wrong. Because we had
design and communication experts already working on the development team, we
were able to create a security tool with a utilitarian tone to avoid making
people feel unnecessarily concerned.
A focus on outcomes rather than inputs
Finally, and most important, empathy helps us keep people safe and if people
don t have a safe experience, it doesn t matter how many security tools we
make. That s why people s actual outcomes are always our highest priority.
Empathy helps in a couple of ways.
First, having empathy for the people who use your products keeps you focused on
helping them make small but useful tweaks (rather than major overhauls) to
their online behavior. Because online security can be a daunting topic, many
people shy away from being proactive about it. So encouraging people to start
with small steps can go a long way. We ve seen that even incremental progress
helps people learn how to recognize risk and make safer choices; simple
behaviors like turning on extra security settings for online accounts can have
a huge impact on someone s safety.
Second, using empathetic language in consumer communication makes security less
intimidating and more accessible. This means using terms and concepts that are
easily understood within local cultural and languages, even if they differ from
the terms technical experts would use. Research shows that over time, fearful
communications designed to scare people actually have a diminishing rate of
return in helping consumers avoid online threats. On the other hand, building
resiliency can help people better understand potential threats, recover from
mistakes, and identify the most important preventative actions.
If you want to increase empathy on your team, one of the best ways to do it is
to invite a diverse set of disciplines to be part of the product development
process, both through hiring and through collaborating with other teams.
Professionals with experience in psychology, behavioral sciences, or
communications can bring invaluable perspectives for building an empathetic
team. Then invest in research to understand the experience and security
concerns of the people using your products; don t guess or assume you know what
they are.
Empathy is not easy. It requires a commitment to deeply understanding the
people you re protecting but it also leads to significantly better security.
And that s the whole point.
Melissa Luu-Van is a product manager at Facebook, where she leads a
cross-functional team focused on helping people maintain access to their
accounts and keep them secure. She holds a bachelor s and master s degree in
sociology from Stanford University with a focus on Social Stratification and
Inequality.