How to make cybersecurity more accessible

Man looking through a keyhole

Cybersecurity isn’t usually designed to make your team’s lives difficult. Accessibility issues are more likely to be accidental oversights. But they can still be problematic.

Here’s how to make cybersecurity more accessible (while retaining its effectiveness) and why it’s worth doing so:

Accessibility in cybersecurity

The point of accessibility is to ensure that no disability or impairment stops someone from being able to do something.

More than 1 in 5 adults in the UK have some degree of impairment or disability. That’s a huge portion of the population who can have their lives hindered by poor accessibility.

But it’s also worth noting that accessibility is not just about helping those with disabilities. A side-effect of designing a system to be accessible is that it benefits everyone.

The NCSC (National Cyber Security Centre) is currently researching how some cybersecurity protections can cause problems for people with disabilities or impairments.

These issues have often gone overlooked. Yet they can cause major issues for everyone using a system – not just those with different accessibility requirements.

Why is accessibility important?

1) An inaccessible system is harder for everyone to use

Imagine you’re trying to watch a cybersecurity training video. Only you can’t hear the audio and there aren’t any subtitles.

In this situation, you might be deaf or hard of hearing. Or, equally, you might be in a noisy office.

It’s a simple example. But a clear illustration of the way that designing a more accessible system is better for all.

2) There are legal requirements

The law is gradually getting better at making sure individuals and businesses need to take into account the differing needs, ease, and preferences of people with disabilities and impairments.

Making sure “boxes are ticked” isn’t a great motivation for instituting more accessible cybersecurity systems. But you do need to make sure you are compliant.

3) Recruit more diverse talent

Numerous studies show that a more diverse company (and more diverse c-suites and board rooms) will lead to a more profitable company. In short, the more different viewpoints you have, the better.

Designing all aspects of your business to be accessible – even desirable – to someone with a disability, impairment, or even a neurodiverse person, lets you attract more diverse talent.

4) Reduce the “human error” factor

It’s amazing how many times the analysis of a data breach points to “human error”.

In some cases, this was because the cybersecurity system in question was not designed to take into account the way people actually interacted with it everyday.

Some helpful person then came up with an ad hoc method for getting around the inaccessibility. This led to a loophole that could be exploited.

Examples of inaccessibility in cybersecurity

As a Managed Service Provider, it’s often the task of Dial A Geek’s geeks to analyse a business’s cybersecurity set up.

Some of the most common examples of inaccessibility we come across include:

  • Cybersecurity policies written in language that just isn’t accessible to a layperson
  • Cybersecurity training that doesn’t provide both audio and visual information
  • Logins or authentication systems that don’t allow enough time or options for input
  • Situations where a “workaround” is the easier (but less secure) solution
  • Colour-based warning schemes

How to make cybersecurity more accessible

1) Start with accessibility as a requirement

Build accessibility into the planning and strategy phase as a key part of your cybersecurity system rather than something added on top.

Make sure your IT specialist or Managed Service Provider checks the accessibility of the system, products, and services they are implementing for you.

2) Check in with your team and ask for feedback

A good process for collecting and acting on feedback from your team is always helpful.

Ask them about cybersecurity and make sure new systems are properly tested before they are rolled out.

Be sure to underline that people who come forward to suggest how a system is problematic or less than fully accessible to themselves or others are being helpful.

3) Don’t undermine your security – do offer options

Having a system that is more accessible should not mean it is more accessible to cyber criminals.

However, being flexible in – for instance – the kinds of authentication your Multi-factor Authentication system asks for isn’t undermining your security.

There are many ways to be flexible when you’re working out how to make your cybersecurity more accessible without reducing the effectiveness of your protections as a whole.

Want to talk through how accessible (and effective) your cybersecurity is with an expert?

Dial A Geek has already helped over 1000 businesses in Bristol and the UK make sure they have the most suitable protection in place.

Set up a cost and commitment-free chat with Chief Geek Gildas Jones today.