ROLE:
Co-op Position
DATE:
Three weeks
APPLICATION:
Mobile App(Android)
IOS
TOOLS:
Adobe Suite, Figma, Adobe XD
SECTOR:
Managed Service Providers for small and medium businesses
CHALLENGE:
How to keep users’ devices updated with current cybersecurity regulations while making the experience a positive one for users
CLIENT:
Derisk Corp.
MY ROLE:
Market research, user interviews, collaboration and cooperation with product managers, developers and other designers, information architecture, analysis, design, and creation of seamless cybersecurity user experience
OVERALL OBJECTIVE:
Develop methods to enlighten the cybersecurity training user experience
This was my first design internship coming out of Conestoga College, and it gave me the chance to experience the work environment of a young start-up cyber-technology firm. Derisk is a software company developing solutions for assessing and reducing information security risks to small and medium businesses. It was challenging for me to coordinate with product managers, developers, and other designers of the company for a better solution.
Our team consisted of three 2 UX designers, a developer and a head strategist. The 2 designers had to coordinate with the assistance of the developer reviewing the ideas.
MARKET RESEARCH
RESEARCH
- The insurance carrier Hiscox reveals that, on average, these incidents now cost businesses of all sizes $200,000.
- More than half of all small businesses suffered a breach within the last year.
- Today it’s critical for small businesses to adopt strategies for fighting cyberthreats.
Source: https://www.cnbc.com/2019/10/13/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html
Our company wants to capture a part of the market that uses Managed Service Providers (MSP) of cybersecurity services for small business owners. MSPs can promote Derisk technology to their existing customers through cybersecurity software updates. Customers will need to follow up on questions about cybersecurity to keep their device(s) up to date. The process of answering these questions will help to educate customers about the continual need for cybersecurity while making it easier for them to understand the updated regulations and security statuses of their devices. The data from the questionnaires will also give us more information on the behaviour of users.
Main Challenge: "How to keep users’ devices updated with current cybersecurity regulations while making sure these updates remain an engaging and positive experience for users."
In order to build engaging solutions which customers will actually buy and use, we first need to understand, with crystal clarity, two things about our customers:
- There are thousands of laws and regulations that need to be updated in order for a company to stay current with cybersecurity.
- Laws and regulations are a constantly changing market.
- A customer can update 50+ questions in one sitting. These questions can take several minutes for customers to complete and they can be cumbersome.
- Updates can appear more regularly if questionnaires are not completed often (ex. once or two in a week).
A work professional who receives daily alerts to complete a task needs a friendly way to motivate them because these alerts can often seem overwhelming and time-consuming.
Small and medium business owners struggle with accomplishing complex and time-consuming tasks - such as managing security - because of the unique time, budget, and skill constraints they face. My job was to find ways to lighten the users’ experience. The team and I were able to create a user persona that represents the app:
the solo-entrepreneur who runs a small business.The user persona we created was based on meetings set up by the Head Strategist. The user persona who uses the Derisk platform was imagined as a small business owner with a busy life, who wants to make sure they are protected from personal cyber attacks.
My name is Maria. I'm a florist who has a small flower-shop in the downtown area of my city in Essex, Ontario. I mostly work with one other employee and have some part-time help from my niece. I'm very busy during the day. I get a lot of orders from clients and companies who require my services, and I find it hard to even take lunch nowadays. I’ve been using my desktop computer that I bought a few years back to perfectly store all my information from receipts, orders, and the moodboards I find on the internet.
I received some anti-virus software when I got the computer a couple years ago. The software might have expired. I have an IT person that I call on occasion to provide updates, but I don’t have the time or money to get my software checked and updated all the time. My friend who owns a business had their computer hacked and ended up paying thousands of dollars to recover some of their information, and their IT person visits them regularly. I haven’t had a serious issue yet. However, I wonder if that situation will happen to me. I would lose so much money and potentially my entire business! I want to be certain that attacks won’t happen to me.
To get a better understanding of what current users are experiencing, I had an opportunity to interview with a solo-entrepreneur. The goal of the interview was to get a grasp of the current landscape of users and what they are struggling to understand the cybersecurity market. I created a discussion guide and conducted an interview that session lasted 45 minutes. Also, I analyzed the current state of cyber-security and how small businesses can operate together.
We weren't able to acquire permission to record the interviews which required a person to transcribe the information so that we could remember the key points of the interview.
We had one person ask the questions and another person write down key points. After the interview, we had a discussion about the interview to make sure we hadn’t left out any important information.
I interviewed various users to get a grasp of the landscape of current users who use cybersecurity and how they interact with technology over time. After reviewing the user interviews and feedback, I created an empathy map and identified a few characteristics of the cybersecurity users.
A combination of users who value time and money and prefer short term solutions do not mix well.
We began our ideation by using our interviewee data, and secondary research to map out a user journey map. We reviewed the experience from the first touchpoint until the completion of the required task. We pinpointed specific areas of the interaction where the user would struggle to use and how to it make a better experience. From these findings, we found that the Derisk app should use the following features:
A key challenge we faced during our research was providing users with sufficient rationale for updating their security software. The most ready-made reasons were the following:
Protection against security breaches
Software is not working well
However, the crucial issue behind users’ questions was the need to properly educate users on cybersecurity and at the same time provide them with feedback on what rules are required for security.
The cybersecurity process involved having users check for weekly updates. The users received a series of questions. The questionnaire ranged from one question to over ten questions. These questions educate the user on cybersecurity and at the same time provide feedback on what rules are required for security. The challenge was to motivate people to complete all of the questions. Time was the biggest factor that we had to keep in mind when creating our design. Time was critical in making sure that security updates were done promptly without any hassles.
Based on our user research, cybersecurity seems only to be important to users when it directly affects them or someone they are close to. Users only then seem to be made aware that security breaches can cripple or bankrupt even small businesses.
The challenge here was to find out what type of application we should be using first to design the app - web or mobile. We decided to create a user journey map to explain the interactions of the user. We looked at a typical day in the life of a solo-entrepreneur and how much time they would spend interacting with the app on a daily basis. Time and money are very important to our users. We need to create a solution that is both simple and easy-to-use. The simpler and easier the user thinks the design, the more chances of a user repeating and completing the questionnaire in the future. We were very sensitive to our users’ temporal and financial constraints.
Our solution for the user journey shows that there’d be a greater chance of users completing the information related to our app via mobile. We therefore decided to create a mobile-first design.
Using the data from the interview and the ideation session, I designed the current user interface with simple user flow. I created three stages on the interaction users would experience when completing a task. The strategy was to have an introductory phase, engagement phase, and completion phase.
I created a sketch from the brainstorming session. The main challenge we faced at this stage was in creating an interface that allows users to click through the interface from beginning to finish in 5 clicks or less. This means that every click on the screen would open up a new screen until users reached the last summary page.
The layout of the wireframes was broken down into three sections. I collaborated with the developer on the constraints I needed to create for the design. We made some changes to the placement of the buttons and the original layout. The wireframe allowed us to develop some design constraints by keeping the buttons consistent throughout the design.
The wireframes were then made into a higher fidelity wireframe which gave us more of a context on the look of the app. The questions and summary page was the most important for users to interact with. I chose the design because it’s simple to read and it gives a clear picture of the questions and the outcomes of the users’ answers.
For each screen, we created a user flow, showing how a user would interact with the device. The less time users spend on the app, the more they will want to interact with and answer the questions. We were careful to limit the number of questions users had to respond to in one sitting to 10. The most potentially dangerous security threats first appeared in the questionnaire.
OBSTACLE:
How to manage potential severe security threats and inform users about those threats.
THIS OBSTACLE WAS OVERCOME:
Removing the types of threat from the questionnaire and giving all questions the same appearance.
REASON FOR THIS ACTION:
Customers who experience low threats are less likely to answer questions unless the questionnaire looks the same for each question. The different levels of threat is a feature that Derisk will explore further with users:
Removing the types of threat from user’s to drive user activity
REFLECTION:
As a new UX designer, I learned how to collaborate with other experienced designers and how to create a design interaction within a short amount of time. (The design was completed in three weeks). I also had the opportunity to use my logical reasoning and critical thinking skills. There were several design constraints involved in working within the cyber-security company. We spent a lot of time defining what a useful prototype would be within the specified time frame.
Homepage
‹Next Project
›