Coming off the heels of the COVID pandemic, we have all become a little more aware of the vital role that technology and the internet play in our lives. We have also all become a little more aware of the importance of engaging with effective cybersecurity, given the rise in cybersecurity risks during this time. However, cybersecurity largely remains inaccessible for people with disabilities.
Tools such as CAPTCHA, which have long been identified as inaccessible for people with a variety of disabilities, remain the norm for cybersecurity threats, despite the fact that they are no longer as effective as they were in the past. According to an article about the inaccessibility of CAPTCHA, published by W3C, “All interactive approaches require users to perform a task believed to be relatively easy for humans but difficult for robots. Unfortunately, the very nature of the interactive task inherently excludes many people with disabilities, resulting in a denial of service to these users.”
Lack of accessibility leads to people with disabilities having less equitable experiences when it comes to cybersecurity. They are left with a decision to disengage with websites, abandoning purchases and services, removing or bypassing cybersecurity, leading to increased risk for this group, or abandoning technology entirely, which is becoming less and less feasible as interacting in a digital world becomes increasingly critical in the daily living activities.
Even trainings for new employees regarding a company’s cybersecurity policies are largely inaccessible to people with disabilities. Frequently these trainings are delivered in inaccessible formats, with uncaptioned auditory content, images without alt text, the need to distinguish color coded content, and knowledge checks which cannot be completed unless the user is able to navigate the screen with a mouse.
So, what steps can be taken to ensure that cybersecurity is both effective and accessible?
Engage Disability Personas
Usability should always be a priority when creating technology solutions, but frequently personas used to determine usability factors are not inclusive of the lived experiences of people with disabilities. When determining disability personas, it is important to remember that there is a wide range of disability types with unique engagement factors. However, there are also other factors to consider, such as if this person is a novice, proficient or expert technology user. Just as there are men who interact with technology who range from expert software developers to individuals who only are engaging with technology to order their kid a special gift. People with disabilities are not all the same and do not all have the same lived experiences, just as all men do not have the same lived experiences.
Ensure Representation in Feedback Channels
When determining feedback channels, from beta-testers to comment pathways to panel discussions, ensure people with diverse disabilities are among those who provide input into your cybersecurity solutions. As an aside, it is critical when doing this to ensure that your feedback channels are accessible as well. Sending out a survey that is inaccessible will not allow people with disabilities to engage in the opportunity to share feedback. If unsure how to engage the disability community, determine opportunities to partner with cross-disability organizations to identify user groups of people with disabilities.
Offer Flexibility
Avoid solutions which strictly exclude people with certain disabilities by offering flexibility in engaging cybersecurity protocols. For example, do not strictly rely on images, sound, or color as the only option to move forward to access information, merchandise, or services.
Build Accessibility into Security Requirements
Review security and usability statements to determine if these standards specifically spell out a requirement to address accessibility. Consider the impact if security measures are not carried out or bypassed due to inaccessibility. Conduct testing of these steps to determine if they are accessible. Building solutions with accessibility in mind not only removes barriers to people with disabilities, but it also increases effectiveness of the solution and creates a more usable experience for everyone. To address this, include a requirement for cybersecurity to comply with specific standards of accessibility.
Demand Providers Deliver Accessible Solutions
If engaging a vendor or provider to manage your cybersecurity needs, don’t assume they are being attentive to accessibility. Request a digital accessibility conformance report, requiring them to demonstrate to you the accessibility of their solution, as well as their strategy for increasing or continuing to maintain accessibility moving forward.
Read the National Cyber Security Centre’s (NCSC) article.
Looking for more assistance with digital accessibility testing or information about digital accessibility conformance reporting? Contact us today.