A report based on interviews with individuals with disabilities reveals the impact of inaccessible security measures.
The National Cyber Security Centre (NCSC) has published an article emphasizing the critical role of accessibility in cybersecurity. Understanding the need to enhance overall safety, the NCSC urges organizations to incorporate accessibility measures within their cybersecurity framework.
This discussion follows the Thinks Insight and Strategy report, for which 22 individuals representing diverse disabilities were interviewed to gain insights into their experiences with cybersecurity measures and to identify areas for improvement.
The report revealed key findings that demonstrate the significance of accessibility in cybersecurity. People with disabilities feel equally secure while accessing technology and the online realm. However, many individuals encounter difficulties in completing online tasks due to the presence of inaccessible cybersecurity measures. These inaccessible measures not only compromise individuals’ security but also have practical and emotional impacts.
According to the NCSC article, security measures that lack accessibility create challenges for all users. For instance, cybersecurity training provided in formats that are not accessible, such as complex interfaces, unlabelled buttons, unclear text links, or audio-only/visual-only warnings, can hinder individuals’ understanding and engagement.
Additionally, colour-coded risk markings may be difficult for people with colour blindness to decipher, and feedback or error messaging that is inaccessible can lead to confusion and frustration.
Moreover, security steps that are inconvenient for people with disabilities may force them to bypass or avoid tasks, which can increase potential risks.
Reluctance to implement updates due to compatibility issues with assistive technology, together with a lack of accessible error recovery methods and access to support, further compounds the challenges faced by individuals with disabilities.
To address these issues, the NCSC suggests several approaches for businesses to enhance security accessibility for employees. First, collaborating with employees and engaging them in the process can help identify specific issues and reconsider processes that require individuals to breach security policies. Second, focusing on “how” without compromising on “what” allows organisations to adhere to security requirements while providing flexibility in choosing preferred methods. For example, enabling multi-factor authentication options can improve system resilience.
Lastly, integrating accessibility into usability is crucial. During cybersecurity protocol planning, businesses must consider the impact of inaccessibility on users and the company’s overall security, recognising that accessibility and usability are intertwined aspects.
The NCSC emphasises that, to ensure comprehensive cybersecurity, businesses should prioritise accessibility alongside other security measures, such as the regular testing of systems/networks or acquiring an ISO 27001 certification with the help of providers like DigitalXRAID. By creating an inclusive environment that considers the needs of all users, organisations can enhance user experience and effectively protect against online threats.