💾 Archived View for gmi.noulin.net › mobileNews › 6013.gmi captured on 2024-08-18 at 23:04:43. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-05-10)
-=-=-=-=-=-=-
2016-04-29 09:04:43
Melissa Luu-Van
April 28, 2016
Online security often focuses on technical details software, hardware, vulnerabilities, and the like. But effective security is driven as much by people as it is by technology. After all, the point is to protect the consumers, employees, and partners who use our products.
The ways those people interact with technology and each other can completely change the effectiveness of your security strategy. So security products and tools must take into account the human context of the problems they re solving and that requires empathy.
At Facebook, empathy helps us create solutions that work because they re designed around our users experiences and well-being. Specifically, we see three ways to include make security efforts more empathetic:
Consumer-driven goals that are actionable and specific
By researching the cultural and physical contexts in which people use your products, you can define better, more precise goals for those products. Engaging with your users on a regular basis through reporting tools built into your product, online surveys, or focus groups, for example is a necessary step for understanding, rather than assuming you know, their challenges and needs.
For example, we recently asked several focus groups about their most important security concerns on Facebook: What are they worried about? What would help them feel safe? Overwhelmingly, people told us they wanted more control; simply knowing that Facebook was working behind the scenes to protect their accounts wasn t enough. We learned that many Facebook users were unaware of all the security features we offer to add extra protection to their accounts but once they learned about them, they were eager to use them. People also wanted to be able to control these features and to see how each tool protects their accounts. These findings told us two very important things about the security features. First, they needed to be easier to find. Second, they needed to be more visible and give people more control.
With that in mind, we created Security Checkup, a tool designed to make Facebook s security controls more visible and easier to use. During early testing and after our global launch, we asked people on Facebook about their experience using the new tool. They told us they found Security Checkup useful and helpful; the tool s completion rate quickly soared to over 90%. These results are validating but not surprising, since we tailored Security Checkup to what we ve learned about people s preferences and concerns.
Our primary goal has always been to protect the people who use Facebook, but through our research we ve added the goal of helping people better protect themselves wherever they are on the web. The security lessons our users learn on Facebook could help them develop safer online habits such as using unique passwords or checking app permissions that can be used on other sites, too.
Collaborative, cross-functional teams
Security is often approached as an engineering-led effort in which cross-functional teams from research, design, or product are less important. However, we ve found that disciplines besides engineering are just as critical to the thought process and product development, because diversity of thought is an important characteristic of empathy.
Cross-functional teams are particularly valuable for thinking through the various experiences people may have with a product. Car manufacturers have done this for years, adding seat belts and air bags to keep people safe even when a vehicle performs outside its intended purpose (that is, during a high-speed crash). The cars designs changed to make people s experiences safer by default. Similarly, Facebook s security tools are built with the belief that better product design leads to safer behavior. Many of our departments collaborate for this purpose, including research, security, user experience, marketing, product design, and communications.
Throughout various stages of the process, these teams convene to discuss potential engineering, design, or security challenges; identify solutions; and consider the impact any of these things might have on someone s overall experience using our products. We believe this collective expertise helps us avoid possible issues by addressing them early on in the development process. For example, during early iterations of Security Checkup we realized that simply drawing attention to our existing security features was interpreted by some people as a warning or alert that something was wrong. Because we had design and communication experts already working on the development team, we were able to create a security tool with a utilitarian tone to avoid making people feel unnecessarily concerned.
A focus on outcomes rather than inputs
Finally, and most important, empathy helps us keep people safe and if people don t have a safe experience, it doesn t matter how many security tools we make. That s why people s actual outcomes are always our highest priority. Empathy helps in a couple of ways.
First, having empathy for the people who use your products keeps you focused on helping them make small but useful tweaks (rather than major overhauls) to their online behavior. Because online security can be a daunting topic, many people shy away from being proactive about it. So encouraging people to start with small steps can go a long way. We ve seen that even incremental progress helps people learn how to recognize risk and make safer choices; simple behaviors like turning on extra security settings for online accounts can have a huge impact on someone s safety.
Second, using empathetic language in consumer communication makes security less intimidating and more accessible. This means using terms and concepts that are easily understood within local cultural and languages, even if they differ from the terms technical experts would use. Research shows that over time, fearful communications designed to scare people actually have a diminishing rate of return in helping consumers avoid online threats. On the other hand, building resiliency can help people better understand potential threats, recover from mistakes, and identify the most important preventative actions.
If you want to increase empathy on your team, one of the best ways to do it is to invite a diverse set of disciplines to be part of the product development process, both through hiring and through collaborating with other teams. Professionals with experience in psychology, behavioral sciences, or communications can bring invaluable perspectives for building an empathetic team. Then invest in research to understand the experience and security concerns of the people using your products; don t guess or assume you know what they are.
Empathy is not easy. It requires a commitment to deeply understanding the people you re protecting but it also leads to significantly better security. And that s the whole point.
Melissa Luu-Van is a product manager at Facebook, where she leads a cross-functional team focused on helping people maintain access to their accounts and keep them secure. She holds a bachelor s and master s degree in sociology from Stanford University with a focus on Social Stratification and Inequality.