The UK National Cyber Security Centre (NCSC) has emphasized the need to prioritize accessibility as part of cybersecurity efforts. In a blog post on its website, the organization highlighted that many cybersecurity practices are not accessible for people with disabilities, which can lead to negative effects on both businesses and employees. Promoting accessibility can help to enhance security by reducing human errors and workarounds, while also providing a more diverse talent pool and helping organizations meet legal requirements.
The post listed several examples of how cybersecurity can be made inaccessible, including awareness campaigns and policies that are not easily understandable, as well as complicated interfaces and ambiguous link text. Other potential barriers include color schemes that may be inappropriate for people with color blindness, a lack of accessible feedback, and security that removes accessibility functions.
According to the NCSC, designing security to be accessible can increase usability for everyone. People experience diverse barriers that can affect their ability to access information, and designing systems with accessibility in mind can make them more resilient and less likely to fail. Security training is not a cure-all, and it’s important to consider accessibility and usability issues before relying on it as a solution.
To make cybersecurity more accessible, businesses and security leaders can take several key steps. They can engage with employees and encourage feedback to help them understand what works best for their individual needs. Companies can also offer flexibility and work with employees to identify specific technology needs that might otherwise break security policies. Overall, organizations should aim to treat usability and accessibility as part of their essential security requirements rather than as separate add-ons.
Lisa Ventura, founder of Cyber Security Unity, says the NCSC’s cybersecurity accessibility advice is a “great starting point” that organizations of any size can benefit from. By prioritizing accessibility, companies can ensure that their systems are more inclusive and easier to use for everyone. Ultimately, making cybersecurity more accessible can enhance overall security outcomes and help businesses stay protected from cyber threats.