Online security often focuses on technical details — software, hardware, vulnerabilities, and the like. But effective security is driven as much by people as it is by technology. After all, the point is to protect the consumers, employees, and partners who use our products.
The ways those people interact with technology and each other can completely change the effectiveness of your security strategy. So security products and tools must take into account the human context of the problems they’re solving — and that requires empathy.
At Facebook, empathy helps us create solutions that work because they’re designed around our users’ experiences and well-being. Specifically, we see three ways to include make security efforts more empathetic:
By researching the cultural and physical contexts in which people use your products, you can define better, more precise goals for those products. Engaging with your users on a regular basis — through reporting tools built into your product, online surveys, or focus groups, for example — is a necessary step for understanding, rather than assuming you know, their challenges and needs.
For example, we recently asked several focus groups about their most important security concerns on Facebook: What are they worried about? What would help them feel safe? Overwhelmingly, people told us they wanted more control; simply knowing that Facebook was working behind the scenes to protect their accounts wasn’t enough. We learned that many Facebook users were unaware of all the security features we offer to add extra protection to their accounts — but once they learned about them, they were eager to use them. People also wanted to be able to control these features and to see how each tool protects their accounts. These findings told us two very important things about the security features. First, they needed to be easier to find. Second, they needed to be more visible and give people more control.
With that in mind, we created Security Checkup, a tool designed to make Facebook’s security controls more visible and easier to use. During early testing and after our global launch, we asked people on Facebook about their experience using the new tool. They told us they found Security Checkup useful and helpful; the tool’s completion rate quickly soared to over 90%. These results are validating — but not surprising, since we tailored Security Checkup to what we’ve learned about people’s preferences and concerns.
Our primary goal has always been to protect the people who use Facebook, but through our research we’ve added the goal of helping people better protect themselves wherever they are on the web. The security lessons our users learn on Facebook could help them develop safer online habits — such as using unique passwords or checking app permissions — that can be used on other sites, too.
Security is often approached as an engineering-led effort in which cross-functional teams from research, design, or product are less important. However, we’ve found that disciplines besides engineering are just as critical to the thought process and product development, because diversity of thought is an important characteristic of empathy.
Cross-functional teams are particularly valuable for thinking through the various experiences people may have with a product.