It was a Saturday morning, and I had grand plans. By "grand plans," I mean sitting on the sofa, watching reruns of "The IT Crowd," and pretending I didn't hear the lawn mower calling my name.
But my wife had other ideas. "We're going to IKEA," she announced, with our kids excitedly agreeing in the background. I groaned internally. The Swedish furniture labyrinth was the last place I wanted to be.
Little did I know, I was about to stumble into a masterclass on user experience and awareness that would open my eyes. Who knew that between the MALM dressers and POÄNG chairs, I'd find the techniques that can be used to make any security awareness program more engaging.
As we entered the blue and yellow kingdom, it’s hard to miss the clear path laid out before us. It was like following the yellow brick road, but instead of Oz, it led to affordable furniture and meatballs. "Create a clear path," I muttered to myself, thinking about most convoluted security policies. If IKEA could guide thousands of customers daily without confusion, surely I could create a clearer path for our employees to follow security best practices.
Then came the assembly instructions. As I stared at a diagram for the BILLY bookcase, it hit me, the simple and wordless instructions visually showed how to assemble the furniture. No language barriers, no room for misinterpretation. Like those well-designed infographics which share volumes of research in one simple to understand image.
As we meandered through the store, my wife and kids tested every chair, opened every cabinet, and lay on every bed. I realized IKEA was offering hands-on experience with their products. I began to envision a 'cybersecurity playground' where employees could safely interact with phishing simulations and security tools.
An Allen key is pretty much the only thing you need to assemble most IKEA furniture. But I did see a little box sold with a screwdriver, nails, screws, and a few other fixing items. Basically a few essential tools that were simple to use and could assemble any item within the store. Which got me thinking about equipping staff with the right security software and resources.
Finally, as we loaded our car with far more than the single bookshelf we came for, I marveled at IKEA's self-service model. They provided the showroom inspiration, the tools, and the support staff, but ultimately, customers assembled their purchases themselves. "Self-service with support," I said out loud, causing my wife to ask if I was feeling okay.
As we drove home, our car packed tighter than a SMÅSTAD storage combination, I couldn't help but smile. I had entered IKEA dreading the experience but left with a trunk full of furniture and a mind full of ideas.
The five steps to user-centric security design that can help foster and create a stronger security culture, can be summed up as follows:
- Create a Clear Path: Just as IKEA designs a clear path through its stores, create a clear, intuitive path for cybersecurity practices. Guide users through security processes as smoothly as IKEA guides you from sofas to kitchenware.
- Use Visual Instructions: Replace text-heavy security policies with visual guides. Think IKEA's wordless assembly instructions—simple, universal, and effective.
- Offer Hands-On Experience: Set up 'cybersecurity showrooms' where employees can interact with security tools and practices in a safe, sandbox environment. It's like IKEA's room setups, but for digital safety.
- Provide Essential Tools: Equip users with the right 'tools' for cybersecurity, just as IKEA provides that essential Allen key. This could be password managers, ways to securely back up data, or two-factor authentication apps.
- Encourage Self-Service with Support: Foster a culture where users can 'assemble' their own secure environment, with expert help readily available—like IKEA's helpful staff scattered throughout the store.
Here's what you'll get:
