Published on September 16th, 2016 | by Guest0
Don’t Become the TSA. Avoiding Useless Security Theater.
It’s not just the TSA that practices security theater; many businesses are doing it every day. Security theater is a great way to show the general public that they are safe, and some of it can be good, but a lot of it draws focus away from actual security, and that is super dangerous.
Security Theater: Can it be Good?
Some security theater is okay: offering good advice to your users is a good way to show that they are safe in your authoritative, responsible hands. However, security theater that inconveniences anyone but doesn’t offer any actual safety is a giant hassle that you don’t need.
There are some terrifically bad examples of security theater in the TSA, from useless techniques to catch ‘bad guys’ to a definite lack of real security. For businesses, this could cover anything from taking unnecessary information from your clients to sending client passwords (which makes them feel better) from an unsecured email. Any action that makes a customer feel safer but does not offer any actionable results or added benefits is disastrous in the long term.
Good security theater could be giving great advice to your customers, which increases confidence in your company without offering actual security, or being very clear about your data-usage policies and explaining that you don’t sell email information. This sort of transparency gives your customers a more secure feeling without your business actually stepping up its security. The key difference is that good security theater actually helps your customers.
How Bad Security Theater Prevents Real Security
The biggest sign of bad security theater is negative reactions from your customers, or anything that feels exhausting. You can find ways around collecting useless information from your clients (which, if your users do it themselves on a corporate Drupal site, can be catastrophic) and around making them wait through long load times on your website or in long lines at your store. The impression of security is not worth the cost to your customer. Reducing the amount of bad security theater will give your customers more confidence and help you gain repeat customers.
Bad security theater includes excessive encryption that slows down your site, an erratic client tracking method that doesn’t allow customer service to view vital client information, or overly complicated password requirements that risk password breaches by incentivising employees to write passwords down. Sometimes security can be just going over a few key parts of your website or securing payment information. Consider which parts of your security are just theater and could be hurting your business. Security theater means lost customers and exhausting hassles, and it can even cost more!
Why It Is Important and Ways to Do It Right
Security theater isn’t too terrible, and it is normally a good thing to have your customers think of you as more safe or secure. As long as the processes you are using to increase your perceived security don’t hurt your customers or slow down your employees, it could have big payoffs.
While you could always improve the actual security of your site, other methods, like improving the layout and going with a more trustworthy theme similar to that of banking or education websites, are quick ways to gain trust from your consumers. You’re not providing any actual security, but your site appears more trustworthy to your customers without compromising functionality.
If you do choose to actually increase your security, encryption is a great option. Hiring a security consultant with some information systems knowledge or a CISSP certification to look through the mountain of data on your site, how clients might use your service, and where things could be made more streamlined would reduce a lot of that unnecessary fumbling by your customers and client-facing employees while maintaining security. Get rid of any unnecessary shows of safety. You’re a company, not a pitbull.