Product Designer (Me)
Product Manager
Backend Developer
Front End Developer
Pen & Paper
Sketch + Invision
Later switched to Figma as the work is faster
with collaboration.
Research, User Interviews, Wire framing,
Prototyping, Usability testing, UI Design.
There is a rise in cyber attacks. Many solutions are too complex, expensive and are too complicated for small businesses. These solutions also require professional IT employees that small businesses usually don't have.
43% of cyber attacks target small businesses and 56% of breaches take months or longer to discover.
The users are small business owners – Attorneys, HR companies, Accountants, Small High-Tech companies, Software Houses, Private Medical Practices. They don’t have any knowledge in cyber security, and they need to comply with business regulations (this means they must be cyber protected). Since these businesses are small, most of the times they don’t have IT people that understand the risk of being unprotected.
I interviewed 8 managers of small businesses and these are the main insights I collected:
1. They don’t know the difference between antivirus and cyber security.
2. Most of them don’t know the risks of being unprotected.
3. Those who are aware of the risks and are protected might have suffered an attack or know someone who has.
4. Many of them hire IT freelancers to take care of their network or pay for a secure business bundle through their ISP (Internet Service Provider) which are much more expensive than the software solution.
5. These users are not tech savvy.
6. They think they are too small to become a target of cybercrime.
Almost all solutions are hardware based and the systems are complex and require professional IT persons to manage them.
They are being approached by their ISPs to get a security plan - Most of the times they dont know what they paid for and the offered solutions are an “overkill” for their business needs.
I researched SMB cyber security systems from other companies, software or hardware based as one of my main goals was to learn about the conventions used in the industry.
I also looked into more complex solutions like Azure Security Center by Microsoft to get a sense of how they deal with securing businesses. A common feature I found was the security score which gives an indication of the level of the business network security. I will focus on this roadmap feature further below.
1. Akamai
2. F-secure
3. Cisco
4. Allot
5. Fireye
6. Microsoft 365 enterprise security center
A feature which is very common among enterprise systems is the improvement actions. I’ve written in details about it below.
A web responsive app that will help the small business managers stay informed of their network’s security and manage employee’s device security. Unlike hardware solutions that are expensive and require an IT person, this solution is software based, it doesn't require installation and dedicated security know how.
Wireframes helped me with thinking about the layout and flow of the product.
1. Change user and password for devices - Some devices in the network, like wireless cameras use default user and password which are not safe (for instance: admin/12345)
2. Update firmware for certain devices - devices’ firmware which are not kept up to date may pose a vulnerability to the network. The system scans for devices that need an update and notifies the user.
3. Educating employees - The system detects the behavior of employees and suggests educational steps to take. A problematic behavior can be an employee that visits *malicious sites or falls to phishing scams in emails.
4. Install Out-of-office security - While employees are in the office they are secured (since they are close to the router) But when they are away from the office their devices are not secured and may pose a threat to the business network.
* Malicious website is a site that attempts to install malware (a general term for anything that will disrupt computer operation) onto your device. Malicious websites often look like legitimate websites.
Small business users don’t care how they are protected, they need to be protected, period.
We used a third party antivirus company to secure employees devices and we labeled the CTA “Install Antivirus”. This confused the users; *what is the difference between cyber security and antivirus protection? I found out through the interviews that instead of confusing the users with what we are protecting them from, we should focus on *where* they are being protected - when they are away from the office.
* Antivirus protects against malicious software specifically coming from the internet. Internet Security is a broader term, it mainly deals with protection and privacy against viruses, phishing, spyware, internet threats and cyber-attacks. Security also includes firewall unlike antivirus and is costlier.
Business owners are not in a hurry to solve their network problems and raise their business’ security level, therefore adding a security score can convey the system's “health level” and encourage taking care of actions to improve the security of the network.
Let users “feel” the change for the better or worse when they take care of the security issues in the system or neglect them.
Every device starts with a 100% security score. Each of the parameters determines if the score remains at 100% or drops.
The overall Security Score is an aggregation of all devices scores. At first stage the levels will be conveyed with words: Poor, Fair, Good, Excellent. At a later stage a percentage score will be shown.