Feds Want User-Friendly Security; Cyber Pros Don't Think About That

Federal employees are often an agency’s own worst enemies when it comes to ensuring information and systems are secure, according to a new study.

The report, “Cybersecurity Experience: Cybersecurity Pros From Mars; Users From Mercury,” released Tuesday by MeriTalk and Akamai Technologies, found that federal cybersecurity professionals often fail to consider the end user experience when deploying cybersecurity solutions.

Ensuring a user-friendly experience, for example, was considered the lowest of priorities among cybersecurity professionals surveyed, falling below other priorities like preventing data theft, ensuring a thorough Web security strategy and maintaining and upgrading security systems.

The lack of user-friendly security tools may be why half of all agency security breaches are estimated by cyber pros to be the result of a lack of user compliance, the study said. Federal employees reported being most frustrated with security measures used for surfing the Web and downloading files; ironically, those two areas were where cyber professionals reported seeing the most breaches, MeriTalk found.

In addition, while cyber pros and end users agreed that agencies are vulnerable to a wide variety of cybersecurity threats, end users argued that agencies must work to strike the right balance of security measures to help offset the potential losses in productivity those measures may cause. Nearly one in five end users could recall an instance where they were unable to complete a work assignment on time because of a security measure. End users also said security measures are burdensome, time-consuming and obstructive, so much that 31 percent admit to using some kind of security work-around at least once per week.

Single sign-on, user-friendly interfaces, fewer firewalls and streamlined mobility were among the top fixes end-user feds said would improve their efficiency and productivity going forward.

Some agencies are striking the right balance on security and end-user satisfaction, MeriTalk found, and those examples are proof that investing in the end user experience is valuable: Cyber pros who said they prioritize the end-user experience, for example, were more likely to say that their agency’s cyber security protocols and Web strategies were very effective.

“Cyber pros and end users are on the same team, with a shared mission and common goals. The two groups must work together,” the report stated. “Cyber pros need to alleviate end users’ biggest woes. Look for tools to increase security of the Web and email without compromising performance.”