Helping Small Businesses Protect Their Network

Securing non-tech-savvy businesses
Small Business
Cyber Security
Responsive Website

Team Members

Product Designer (Me)
Product Manager
Backend Developer
Front End Developer

Tools I Used

Pen & Paper
Sketch + Invision
Later switched to Figma, as the work is faster with collaboration.

Scope of Work

Research, User Interviews, Wireframing, Prototyping, Usability Testing, UI Design.

The Challenge

Cyber attacks are on the rise. Many solutions are too complex and too expensive for small businesses, and they require professional IT employees that small businesses usually don't have.

43% of cyber attacks target small businesses and 56% of breaches take months or longer to discover.

The Users

The users are small business owners: attorneys, HR companies, accountants, small high-tech companies, software houses and private medical practices. They have no knowledge of cyber security, yet they need to comply with business regulations (which means they must be cyber protected). Since these businesses are small, most of the time they don’t have IT people who understand the risk of being unprotected.

User Research: Empathy Through Interviews

8 managers of small businesses: small law firms, design studios, accounting companies

I interviewed 8 managers of small businesses and these are the main insights I collected:

1. They don’t know the difference between antivirus and cyber security.
2. Most of them don’t know the risks of being unprotected.
3. Those who are aware of the risks and are protected might have suffered an attack or know someone who has.
4. Many of them hire IT freelancers to take care of their network, or pay for a secure business bundle through their ISP (Internet Service Provider); both options are much more expensive than the software solution.
5. These users are not tech-savvy.
6. They think they are too small to become a target of cybercrime.

Pain Points

Complex Hardware Based Solutions

Almost all solutions are hardware-based, and the systems are complex and require IT professionals to manage them.

ISP Solutions That Don't Fit The Business

They are approached by their ISPs to buy a security plan. Most of the time they don't know what they paid for, and the offered solutions are “overkill” for their business needs.

Market Research

I researched SMB cyber security systems from other companies, both software and hardware based, as one of my main goals was to learn the conventions used in the industry.
I also looked into more complex solutions, like Azure Security Center by Microsoft, to get a sense of how they deal with securing businesses. A common feature I found was the security score, which gives an indication of the security level of the business network. I will focus on this roadmap feature further below.

1. Akamai
2. F-Secure
3. Cisco
4. Allot
5. FireEye
6. Microsoft 365 enterprise security center

A feature that is very common among enterprise systems is improvement actions. I’ve written about it in detail below.

The Solution

A responsive web app that helps small business managers stay informed about their network’s security and manage the security of employees’ devices. Unlike hardware solutions, which are expensive and require an IT person, this solution is software based: it doesn't require installation or dedicated security know-how.

Early LoFi Wireframing

Wireframes helped me with thinking about the layout and flow of the product.

Improving The Security in The Business Network

Managers can improve the overall security of their business network with these actions:

1. Change user and password for devices - Some devices in the network, like wireless cameras, use a default user and password, which are not safe (for instance: admin/12345).
2. Update firmware for certain devices - Devices whose firmware is not kept up to date may pose a vulnerability to the network. The system scans for devices that need an update and notifies the user.
3. Educating employees - The system detects the behavior of employees and suggests educational steps to take. A problematic behavior can be an employee who visits *malicious sites or falls for phishing scams in emails.
4. Install Out-of-office security - While employees are in the office they are secured (since they are close to the router). But when they are away from the office their devices are not secured and may pose a threat to the business network.

* A malicious website is a site that attempts to install malware (a general term for anything that will disrupt computer operation) onto your device. Malicious websites often look like legitimate websites.

Improvement Actions: Out-of-office security

Antivirus vs. Out-of-Office Security: Users Just Want to Be Protected

Small business users don’t care how they are protected; they need to be protected, period.
We used a third-party antivirus company to secure employees' devices, and we labeled the CTA “Install Antivirus”. This confused the users: *what is the difference between cyber security and antivirus protection? I found out through the interviews that instead of confusing the users with what we are protecting them from, we should focus on *where* they are being protected - when they are away from the office.

* Antivirus protects against malicious software specifically coming from the internet. Internet security is a broader term; it mainly deals with protection and privacy against viruses, phishing, spyware, internet threats and cyber-attacks. Internet security also includes a firewall, unlike antivirus, and is costlier.

Other Screens in The System

Next step:
Security Score

Business owners are not in a hurry to solve their network problems and raise their business’ security level. Adding a security score can therefore convey the system's “health level” and encourage them to take the actions that improve the security of the network.
It lets users “feel” the change for the better or worse when they take care of the security issues in the system or neglect them.

How is the Device Score Calculated?

Every device starts with a 100% security score. Each of the parameters determines if the score remains at 100% or drops.

How is the Network Score Calculated?

The overall Security Score is an aggregation of all device scores. At the first stage the levels will be conveyed with words: Poor, Fair, Good, Excellent. At a later stage a percentage score will be shown.
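
A sketch of the scoring described above, added here as an example and not the product's own code. The finding names, penalty weights, level thresholds and the choice of a mean as the aggregation are all assumptions, since the page does not state them; the weakest device is reported alongside the score because an averaged network score can read "Good" while one device is "Poor".

```python
from dataclasses import dataclass, field
from statistics import mean

# Assumed penalties in percentage points; the findings mirror the improvement
# actions listed earlier, but the weights are illustrative only.
PENALTIES = {
    "default_credentials": 40,
    "firmware_outdated": 30,
    "no_out_of_office_protection": 20,
    "risky_browsing": 10,
}

# Assumed lower bounds for the word labels shown at the first stage.
LEVELS = [(90, "Excellent"), (70, "Good"), (50, "Fair"), (0, "Poor")]


@dataclass
class Device:
    name: str
    findings: set = field(default_factory=set)  # keys of PENALTIES


def device_score(device: Device) -> int:
    """Every device starts at 100; each finding lowers it, floored at 0."""
    unknown = device.findings - set(PENALTIES)
    if unknown:
        raise ValueError(f"unknown findings: {sorted(unknown)}")
    return max(0, 100 - sum(PENALTIES[f] for f in device.findings))


def level(score: float) -> str:
    """Map a 0-100 score to Poor / Fair / Good / Excellent."""
    return next(label for floor, label in LEVELS if score >= floor)


def network_summary(devices: list) -> dict:
    """Aggregate device scores (assumed: mean) and surface the weakest device."""
    if not devices:
        raise ValueError("no devices discovered, nothing to score")
    scores = {d.name: device_score(d) for d in devices}
    weakest = min(scores, key=scores.get)
    overall = mean(scores.values())
    return {"score": overall, "level": level(overall),
            "weakest": weakest, "weakest_level": level(scores[weakest])}


# Constructed sample network.
SAMPLE = [
    Device("ip-camera", {"default_credentials", "firmware_outdated"}),
    Device("laptop-1"),
    Device("laptop-2", {"no_out_of_office_protection"}),
    Device("printer", {"firmware_outdated"}),
]
```
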