The UK National Cyber Security Centre (NCSC) has been pressing businesses and security leaders to make cybersecurity accessibility their main priority to secure their systems and reduce the number of human errors and workarounds.
The move is said to also benefit in meeting legal requirements, delivering better operational outcomes and attracting more diverse talents.
Highlighted By NCSC
The NCSC detailed in a post on its website that various examples of cybersecurity have been presented as inaccessible to many people – particularly those with disabilities.
It has had negative effects on both businesses and their employees, resulting in systems that are less than secure, providing subpar security awareness and providing limitations of access to diverse skills. The call has been made for businesses and security leaders to immediately recognise and respond to the need for accessibility as a security requirement, helping organisations to achieve a foothold over their human cyber risk whilst cultivating more inclusivity for culture and diversity.
Cybersecurity has a lot of inaccessibility that gets flagged more often than not. Awareness campaigns, training or security policies in inaccessible formats leave people lacking in required knowledge in order tor jobs more and more frequently, with overly complicated interfaces, mislabelled buttons and audio and visual-only warnings making human errors all the more commonplace.
People suffering from colour blindness find themselves at odds when colour schemes are introduced such as red for warning and green for safety, with a lack of accessible feedback or error messaging following configuration changes leading to the false belief of properly implemented security controls for others.
Other flagged factors include security that removes accessibility functionality, requiring some people to resort to less secure workarounds or not doing their job as a result. If accessible ways to recover from errors or access support are not presented, near misses stand to rapidly transform into serious incidents.
Security Designed for Disability
The NCSC has highlighted that everyone stands to benefit from accessibility built-in to systems being deployed, yet people can experience diverse barriers in accessing information that ranges from permanent to situational.
In every scenario, designing for people with disabilities provides usability for everyone. As everybody experiences levels of limitation based on their environment, security is not working the way it is designed to. When security is designed with accessibility at the forefront, it becomes more resilient to work and less likely to fail. Training individuals when they do something wrong is only effective if it comes down to a lack of knowledge, not a lack of accessibility in the system.
For more information on any cybersecurity conference and risk management events, check out the upcoming events from Whitehall Media.