Cyber security and the importance of usability

There is nothing new or unusual about the need to design usable systems. A whole industry has grown up around the business of making sure that commercial websites and apps are easy to use and deliver the behaviour, such as spending money, that the owners of those websites and apps want to see.

Usable systems generally require three things: the system has to be useful, or at least perceived as useful, by the end user; the system has to be easy to use by the end user; and the system has to be persuasive so that the user to take the actions that the owner desires.

Is cyber security any different?

These three requirements of utility, usability and persuasiveness are seen in cyber security systems. However there are some differences compared with the consumer-facing world. Making sure a cyber security system succeeds is in some ways more important than making a commercial system succeed.

One issue is that the cyber security system has to work for everyone: potentially if just one person fails to use the system properly then the organisation will be put at risk.

In addition cyber security systems are like stable doors – they need to be shut when you want them to be as there is no use locking them after a breach has happened. If an online shop doesn’t work for some reason then the user can go back and try again, but with a cyber security system, if it doesn’t work first time then the damage may be done.

These are stringent requirements. Unfortunately the nature of cyber security means that these requirements are hard to meet:

  • Users have little motivation to comply with security requirements as keeping secure is not their main purpose; indeed security systems are part of a technical infrastructure that may have no real meaning or relevance to the end users
  • Security systems can “get in the way” of tasks and so can be thought of as a nuisance rather than a benefit
  • Security systems are often based on arbitrary and little understood rules set by other people, such as those found in security policies, rather than on the desires of the end user
  • Users may find complying with the requirements of security systems socially difficult as they may force the user to display distrust towards colleagues

These are all challenging issues and any security systems you design need to ask the very minimum of effort from the user if it is to overcome them.

Unfortunately many cyber security systems demand a degree of technical knowledge. For instance they may use jargon: “Do you want to encrypt this document?” will have an obvious meaning to anyone working in IT but may mean nothing to some users.

Furthermore some security requirements may of necessity require a degree of “cognitive overload”: the requirement to remember a strong password (perhaps 12 random characters) is an example. Again this will cause additional difficulty.

Users are not naturally motivated towards cyber security systems. And they may find them hard to use. So how can success – universal and efficient use of systems – be achieved?

Delivering success

Start with the end user. Ensure, through the use of a combination of interviews (including the standard “speak aloud” protocol used by many UX practitioners), observation and expert evaluation identify where the obstacles to successful use of the system are placed. Obviously the usual rules of good usability will apply: consistency, reduced cognitive overload, feedback, and help when mistakes are made.

Learnability is also important. Accept that some form of help may be needed by the user and ensure that this is available, ideally within the system. Help files shouldn’t just tell people how to achieve something but also why it is important.

But for cyber security systems there is also a lot of work to be done around persuasion. This will involve educating the end user about the importance of the system – how it protects their organisation, and how it protects them as individuals.

It will also involve ensuring that the system is credible – that end users realise that the system does what it is supposed to do and isn’t just a tick box exercise or something dreamed up by the geeks in IT to make everyone’s live that little bit harder.

And it will involve demonstrating to the end user that all their colleagues are using the system – and if they don’t use it then they will be out of line with the majority.

“Usability is not enough” is a common theme in retail website design. It is even more important in the design of cyber security systems.









Spice up your content marketing!

Content marketing can be fun. But it is also a lot of hard work. And without careful planning it is very easy for it to start taking up a lot of time, give you a lot of anxiety, but deliver very little.

Which is why at Mosoco we use our five step content marketing process: strategy, plan, innovate, campaign, evaluate (SPICE).

SPICE: the five step content marketing process

Step 1: Strategy

The first step is to agree your content marketing strategy. In its simplest form strategy is just the answers to three questions:

  • Where are we?
  • Where do we want to be?
  • How are we going to get there?

Your strategy needs to be aligned with other marketing and business goals. For instance, if your current marketing strategy is solely about lead generation it might not be very sensible to develop a content strategy that focuses on brand awareness (unless you felt that your marketing strategy was inadequate and needed this addition).

Once you know the general direction you want to take, you need to audit your current position: how many sales are you making; what are the effects of seasonality and region; which types of products are particularly successful? At this stage you may also find it useful to compare your business with your competitors to see if there are any obvious opportunities or threats.

Next you can identify goals. These don’t have to be particularly detailed: for instance if your content marketing strategy is focussed on generating sales you might have separate goals for online sales, retail sales, developing a database of prospective customers, and reducing churn.

You are now in a position to answer the first two questions: Where are we? and Where do we want to be? The third question to answer: “How are we going to get there?

There are a couple of things to think about here. Firstly what resources do you have available? You will want to think about how much time and money you are prepared to risk as well as how much is available to you. And you will need to consider the methods you are prepared to use to reach your goals: you will be influenced by the available resources including access to skills and technology, time constraints, and your own experience of your organisation, your competitors and the industry you operate in.

Step 2. Planning

Now you have agreed your goals you can start thinking in detail about how you will achieve them. This is where you leave strategy and start to get tactical.


For each business goal you may have one or more objectives. For instance, as part of your “increase sales” goal, you may have an objective of increasing your database of prospective clients. You need to make sure that objective is SMART (specific, measurable, achievable, relevant, time bound). In this case:

Collecting “names and contact details of prospective clients” would be a specific objective (sometime people use the word “simple” or “single”) whereas collecting “names and contact details of clients, ex-clients and prospects” would not be as it includes three very different sets of data.

You need to measure the right thing. If we are counting prospects we would probably want to make sure we were measuring opportunities with particular companies or households rather than individual contacts. Of course it isn’t sufficient to have a measurable objective: we need to agree a measure that will define whether or not we have achieved the objective – say an increase in opportunities on our database of 100%.

Objectives also need to be achievable – within the resources available to us. Any objectives that are wildly different from what has been achieved in the past should be viewed with suspicion – especially if an untried method or technology is being proposed.

And of course objectives need to be relevant – in other words to support the business or marketing goal they are part of.

And finally they need to be time bound. It isn’t satisfactory to agree a objective of doubling your database of prospects without setting a date by which this must be achieved.


It shouldn’t need saying, but understanding what your customers really want (not what you want them to want!) is pretty central to the planning process. It might be the same as what they wanted last year. Or it might not be.

If it is the same, it could be that the market environment has changed – new competitors coming in with better or cheaper products; new regulations making it harder to fulfill customer expectations; changes to household or company income. If this is the case then what worked well last year may not work so well this year.

Or it may just be that your target audience wants something different this year. (Selling the sort of Christmas jumpers I saw in the pub last night would have been pretty hard last year, but tastes change!)

Whatever they want you will need to think about the benefits you want to communicate. Sell the sizzle, not the sausage.


You also need to think carefully about how you are going to reach your target audience. For content marketing we need to think about where we can find our audience and what type of content they will expect and respond to. Will we find them on Facebook or is LinkedIn a better bet?

And what will they respond to? Will video communicate our message best (bearing in mind our resources)? Or an infographic? Or an advertorial?

We may have to treat different objectives in different ways. For instance, if our objective is to collect the names of prospective customers it probably won’t be sufficient to use an advertorial or a Facebook campaign.  (However, these tactics may be suitable for other objectives such as generating sales).


Another important part of the planning process is to conduct a “tactical” (as opposed to strategic) audit of what content is already available. It is not unusual for businesses to have a huge amount of content that they are not using but which could be used in a number of ways. This content can often kick start a content marketing programme.

Step 3. Innovation

Innovation is the next step in the process. This is controversial. Some people would say that getting the key idea or theme is something that has to happen right at the start of the process (or at least before planning). I think that’s true for an advertising campaign.

But for content marketing I think it best to plan the “structure” of our campaigns, including where and how we are going to talk to people, before we agree on exactly what we are going to say. (And remember that we identified customer wants in the planning stage.)

Innovation is fun. You can leave it to one or two “creative” people but it can be more effective to run workshops with stakeholders from within the business. Ideally you will include people from different functions (sales, marketing, finance, IT…) in an innovation workshop. They will all have different perspective, both from a business standpoint but also as consumers. Use the market insights you developed in the planning stage as prompts to create engaging (useful, interesting or amusing) content that promotes your business or brand in some way as well as offering value to the target audience.

While you will want to develop content that appeals to your audience by offering them information of value, you will also want to promote your products and services more directly. It is OK to include this sort of content but the innovation process should consider how best to wrap this sort of content up in a package that will appeal to the target audience. And however well this sort of content is wrapped up, it should probably only make up 20% of the content you publish as otherwise your audience will start to think of your content marketing as advertising.

The innovation process should address how the content could be used as well as what it should say. For instance if an idea for a whitepaper on sustainable living has been developed, think about how this could be used in different ways – an infographic, a series of blog posts, tweets about those blog posts, a webinar, a video…

If you are planning to spend a lot of money on your content campaigns it may be useful to test out your ideas on the target audience. However, it probably isn’t a very good idea to use consumers to generate the ideas. Innovating with consumers is rarely effective: on the whole people are uncertain of their motivations for doing things and there is a big danger that they will just say things that they think you want to hear.

Once you have developed your content ideas, make sure these are consistent with your overall brand statements.

Step 4. Campaign

Now we need to put our ideas into action. For this we need a robust campaign process which includes things like:

  • Persona documents of the target audience that people who are creating the content can refer to; these will include statements about the “wants” of our target audience
  • Tone of voice guidelines
  • Examples of content that has worked in the past
  • Technical parameters relevant to the places we intend to publish or share the content
  • Editorial board for content sign off and quality control
  • An editorial calendar so that we know what content we are going to publish and when
  • Diffusion process for promoting the content: for instance a blog post might be supported by 6 social media posts while a YouTube video might be supported by a blog, a website landing page, 12 social media posts (6 for the blog and 6 for the video)

Quality control is very important. The content you develop should be relevant to the audience of course. But it should also be:

  • Easy to find: SEO techniques including putting keywords in headings, writing appropriate metadata, and including appropriate semantic mark up tags are important
  • Consumable: especially for online content it is important to write simply (think about the reading age of any text) with plenty of headings and bullet points; videos should be short and to the point and accompanied by a transcript (some people will prefer to scan text); infographics should be simple, attractive, with data well visualised (think about this in the innovation step) and contain more than just text. If your content is at all extensive (perhaps a microsite or a web app) then employ some user experience testing methods to check out that people will find it easy and intuitive to use
  • Sharable: you want to encourage people to share your content as a way of diffusing it; so ensure that it is content that people want to share; you can of course ask them to share it and then make sure it is easy to share by including appropriate links and icons
  • Actionable: you will need to include calls to action that encourage people to behave in the way you want them to – downloading contact details (via a competition or free eBook for instance), reviewing a product (by making sure it is easy to do so and including “social proof” that other people have contributed reviews), or simply sharing your content with others.

It will also be important to set up monitoring processes to evaluate whether protocols and plans are being observed. It is all too common to find people who have agreed to contribute to a blog actually fail to do so, perhaps because the importance of their contribution has not been emphasised.

And finally internal processes should include liaison with other departments as appropriate e.g. passing sales leads and customer queries generated through content marketing to the appropriate people in your organisation.

Step 5. Evaluate

The last stage in the SPICE process is to evaluate your content marketing. First you need to measure the effect against any of the KPIs you set up when you were deciding on your content marketing objectives. Typically there will be two types of measure:

  • Indicative (or soft) measures that tell a story about what is going on but don’t link directly to business objectives; things such as website dwell time, Facebook Likes and YouTube video views may fall into this category. Indicative measures are important because they can show you how well (or badly) your campaigns are going before they end
  • Responsive (or hard) measures that are directly linked to your business objectives; things like positive reviews, sales leads and online sales are included here

As well as measuring the effect of your content campaigns you need to identify (as far as possible) the causes of any success or failure. Understand the reasons for failure and how to avoid them in future. Agree how to build on success. Take these learnings and use them in the planning and innovation stages of your next campaigns.

 What next?

Content marketing can be very effective. But it does require discipline and vision. If you would like to talk more about how you could use content marketing in your organisation then call me on 07855 341 589 or email me at

Twenty tips for a great mobile customer experience

With mobile access now accounting for over 15% of web use (and rising) it is increasingly important to ensure that your customers get a satisfying mobile web experience.

That means thinking about the context of use, and planning content and functionality appropriately; for instance to reduce “showrooming” it may be important to ensure that vouchers and special offers are particularly salient on a mobile device.

It means taking account of the nature of the device; for instance the fact that it can easily be moved from portrait to landscape and that it may have telephone and geo-location functionality.

But it also means thinking about design-related customer experience issues, and how these differ from the experience your customers will get when using a fixed PC. That’s what I am covering in this post. So, in no particular order, here are my list of the top twenty ways to improve the customer experience when developing your mobile website.

  1. Think carefully about what you want to do with the home page. It should allow people to get an overview of the whole site. Take care with the fold on the home page (and indeed all pages if possible): designing a home page so that a section finishes neatly at the bottom of a common mobile screen size won’t help people to discover content beneath the fold.
  2. Make sure smartphone users are not prevented from seeing the “classic” version of your site (i.e. the version for fixed PC) . There should be an easy-to-find link to it on your mobile optimised site.
  3. Don’t disable the phone’s “back” button. Instead supplement it with a “soft” back button on every page, as some people will be more likely to trust this.
  4. Where your customers are encouraged to input data, ensure that the data persists if they go backwards in the site or if their connectivity is interrupted in any way (i.e. make sure that they don’t have to input it again if something unexpected happens). This is basic website usability but especially important with mobile devices where data input can be difficult.
  5. Provide navigation that is appropriate for a small mobile device. This doesn’t mean thinking about the navigation options a mobile user will need most (although that’s important). It means thinking about where best to place the navigation and what sort of functionality it should have. Some people recommend putting it at the foot of the page; others providing a cut down or collapsible navigation; and yet others using the home page for navigation and a link back to the home page as the only navigation on all other pages.
  6. Provide a site search box at the top of the home page.
  7. Wherever possible collapse content (e.g. just show the first line or a headline and let people tap on it to expand it) so that people can choose to see more of it but also have an opportunity of seeing plenty of other content options as well.
  8. If you are having to use redirects or links to other versions of the site then make sure they work and deliver the content that your customers will be expecting.
  9. In general mobile sites should be considerably smaller, slicker and faster to load than fixed PC sites. Reduce file sizes even if it means reducing image quality. Reduce the amount of text in the mobile site; people are even less likely to read long screeds of words than they are with the fixed internet. Avoid automatic page refreshes and be very sparing with carousel features. One nice strategy is to write and design the mobile content first and then expand it for tablets and fixed PCs.
  10. Make it easy to see content. Avoid anything that gets in the way of content, especially pop ups and interstitials.
  11. Calls to action should be big and easy to see. Allow sufficient non-clickable space between two or more different calls to action. Make as much of an item clickable as possible. For instance don’t rely on a text link if there is an image that can be made clickable as well.
  12. Make sure your fonts are readable. Avoid reversed-out text and ensure default font sizes are a reasonable size for reading. Ensure plenty of contrast between text and background – remember that people may be reading your text outside in bright sunlight.
  13. Single column layouts work well; use them unless there are particular reasons for having a multiple column layout.
  14. Reduce text input requirements as far as possible. For instance with dates it may be preferable to have drop down menus with radio buttons rather than forcing people to type in a date.
  15. Allow password content to show briefly when the user inputs it so they can confirm they are typing it in correctly. Of course this won’t always be appropriate (e.g. for banking apps) but much of the time this is a good compromise between security and usability.
  16. Consider using quiz questions rather than Captcha text which can be very hard to get right on a small screen.
  17. Avoid horizontal scrolling, especially with text.
  18. Offer captions with video: don’t assume people will be in a position to play audio – or even to hear audio.
  19. Make sure that video plays. If your site has Flash video then you need to offer an alternative format in your mobile site that all devices can play – or adapt your content so the opportunity to play video no longer exists.
  20. Take care with form design. Mandatory fields should be very obvious (little asterisks probably won’t be sufficient) and ideally optional fields (except for optional address fields) should be deleted. Ensure text input boxes are as large as they can be by placing text box labels above the text box rather than to the left.

Of course there is a lot more to designing good mobile sites than the 20 guidelines I have set out above. The people at Smashing Magazine (who know far more about design than I do)  have a huge amount of advice. And User Testing have some very detailed advice about the really important area of form design. But the guidelines above should at least enable non-designers to have an opinion about whether their company’s mobile site is serving their customers well.