Wednesday, September 18, 2019

Improving Security With Kindness

A couple years ago I was on a flight next to an older woman who had never flown before. She had no idea how to use the tablet in front of her, or even how to buckle her seat belt. She asked me for help and I think at this point some people would sigh and dread sitting next to her for the rest of the flight. However I saw this as an opportunity to help someone who was technically illiterate, and probably nervous about her first flight. After I helped her buckle up I showed her how to plug her headphones into the tablet and start a movie, adjust the volume, play a game, or some music if she wanted. She was a sweet grandma and told me all about her grandkids and her life in small town America. Throughout the flight she would ask me questions and I took my time to explain everything as simply as possible. After the flight while waiting in line one of the passengers who sat behind me tapped me on the shoulder and asked how I could deal with someone like that, and said I have incredible patience. I said it was no problem and that I was just happy to help.

The way I see it, I am fortunate to have grown up around computers and be very comfortable with technology. However, not everyone is as fortunate or naturally inclined to learn how to use tech. I think it's even safe to say there are a lot of people out there that are confused or even afraid of tech. These are the people who still cling to old software, POST IN ALL CAPS, and always seem to get viruses. This is where I say that it is our job, as the technically literate, to exercise our patience and kindness to help someone who is struggling with something we figured out years ago.

Early in my IT career I worked at a Helpdesk where we were each assigned trouble tickets to work on. These tickets were often things like installing a printer, migrating someone's email to a new device, or replacing a broken hard drive. My colleagues would often cherry pick the tickets from users who were easy to work with, and avoid the "problem users". I had no problem taking on the "problem users" tickets, seeing them as opportunities to help someone in need. Many of these users were experts in their fields, and very well educated, but when it came to technology they were frustrated, confused, and angry. I often thought to myself that those are normal emotions felt by all of us when learning something new, or when something "just doesn't work", and that these same people would gladly help me if I were frustrated with something they were experts at, so why don't I share the same courtesy?

Free Cookies!
(Image Credit: Wikimedia)
I would approach each of these users with some friendly small talk, try to get the backstory on what's going wrong, empathize with their frustration, and start working on solving the problem while doing my best to explain what's going on. I would often recommend they take notes to reference later when they run into the same problem again, and come up with small tricks like using a Eudora skin on Thunderbird to make them more comfortable with a new interface. Over time these users encountered fewer problems, submitted less tickets, and some even developed a new appreciation for technology and started learning more on their own. At the end of the day this meant less work for my team, much happier users, and sometimes free cookies for me :).

More recently in my career I was building a Python script that had to be used by some of my technical and non-technical colleagues. While testing my first version of the script with my technical colleagues they told me how great it was and thanked me for building it. However when testing the same script with my non-technical colleagues, they expressed concerns about the difficulty of use and risk of making a big mistake. In my original design I had not considered this perspective, but it made sense when brought to my attention. I improved the script to make it more simple to use, added confirmation prompts where necessary, and expanded the documentation. I went back to my non-technical colleague and had them test it, they were thrilled at how easy it was to use, how hard it was to make a mistake with the confirmation prompts, and appreciated having documentation to reference.

Anyone working in IT Security can tell you that the weakest link is always the human. Phishing emails work because they trick people into installing malware. Hackers breach databases because people make mistakes in configuring the systems that are supposed to protect it. People use old vulnerable software because it's what they are used to. When these things happen we need to:
  1. Avoid shaming, that doesn't help the situation
  2. Be sympathetic, everyone makes mistakes
  3. Be patient, not everyone is on your level of comfort, knowledge, and experience
  4. Work with them to understand the problem from their perspective
  5. Educate without condescending
  6. Support
I honestly believe that if these steps are taken, hackers will have a harder time doing bad things, and the internet will be a safer place for everyone.

No comments:

Post a Comment