Cyber security and accessibility – Can the two work together?
One of the original tenets of digital security was to protect the user without getting in the way or interrupting what they want to do.
We all know that never happened, but how does security impact those with accessibility challenges? How can we include accessibility into security so it genuinely works for everyone?
How much thought do you put into accessibility when devising your own IT security strategies?
A recent report by the National Cyber Security Centre (NCSC) called Thinks Insight & Strategy shows us some of the difficulties some people have with technology.
The Thinks Insights and Strategy
The Thinks Insights and Strategy is an illuminating insight into how some of the cyber security methodologies we use every day can provide extra challenges to some users.
Imagine not being able to use Face ID because you cannot see the phone clearly enough to line it up or cannot hold the phone straight?
Or not being able to use two-factor authentication because you cannot use a mobile phone as other people do or use a fingerprint scanner?
There are a multitude of challenges some people face and a truly accessible security strategy needs to take them all into account.
According to the latest census statistics, there are around 10.4 million people with a disability in England and Wales.
That’s a significant proportion of the population that could be disadvantaged by cyber security.
How to make cyber security accessible to all
Accessibility is not only a legal requirement, but also a moral obligation. We want everyone, with every level of ability to be able to work, go online and enjoy the same benefits as everyone else.
We also want everyone to be equally secure, regardless of any challenges they may face.
So what do companies need to do?
Here are a few suggestions:
Consider the how as well as what
Two-factor authentication is a very effective method of securing accounts, but have you considered what form that second factor takes?
Is it purely an SMS code or fingerprint? How would someone with accessibility challenges manage?
Adding a range of options covering audio or visual could open up security to a much wider audience.
Keep apps and websites simple
Complicated login pages, apps and even buttons on websites can provide significant challenges to some users.
Usability should be at the core of UX design. Keeping things simple with clear buttons, not using popups that cover up the screen and not relying purely on visual cues for direction can all help.
The ability to zoom in on a login screen or copy a 2FA code from one page to another are two very simple examples of where a simple change could have a significant impact.
Some companies don’t allow the use of password managers due to a perception of insecurity. Yet they can be invaluable for someone with learning disabilities or memory issues.
Properly assessing a password manager and providing controlled access to one could make all the difference.
Keep it simple
Multi-page forms or multiple choice questions can often be difficult for someone with learning difficulties or visual impairments.
Offering an alternative or the opportunity to speak to someone via SMS, WhatsApp or web chat could make life a whole lot easier.
Any secure workaround to help those with accessibility problems removes the temptation for the person to find a less secure workaround and increases the perception your company takes accessibility seriously.
Offer choice wherever possible
The main takeaway from the Thinks Insight & Strategy survey is that people accept that cyber security is there to protect them and usually does a good job.
But it also recognises that having options could significantly widen accessibility.
Having more than one way to authenticate an app or more than one method of two-factor authentication could genuinely help.
Accessible security is a thing
It is possible to create a more level playing field when it comes to cyber security. Or at least, remove many of the blockers so those with accessibility challenges have the same levels of frustration as the rest of us.
The Thinks Insight & Strategy report and others like them should be a wakeup call to all businesses.
It provides valuable insights into how different people view the world and the It they use to access some of it. It’s well worth a read and well worth implementing into your IT strategy.