NCSC: It’s Time for CISOs to Prioritize Accessibility
A leading UK security agency has urged organizations to help reduce cyber risk by ensuring accessibility is built into cybersecurity policies, processes and technologies.
Lee C from the NCSC’s Sociotechnical and Risk Group cited government statistics revealing that nearly a quarter (22%) of British working-age adults are disabled, with 4.9 million currently in the workforce.
“There are many reasons to address accessibility, whether meeting legal requirements, delivering better operational outcomes, or attracting and retaining a more diverse set of talent,” he argued.
“Addressing accessibility also provides cybersecurity benefits by making systems more usable and making human errors or workarounds less likely. Conversely, if we fail to consider accessibility, these risks increase.”
He gave several examples of how security can be inaccessible for some people. These include awareness campaigns not written in simple language; complex interfaces and audio-only/visual-only warnings; and color schemes that may be inappropriate for those with color blindness.
Lee C argued that accessibility is often seen as “someone else’s responsibility,” or that usability and security cannot co-exist.
“This is surprising given the number of incidents which still claim ‘human error’ as a contributing factor,” he added.
“Considering accessibility within your security requirements is a great way of ensuring that you are actively considering your ‘human factors risks,’ and that you are stress testing your security against the conditions where people will find it most difficult to use, and where human errors will be most likely.”
The NCSC recommends that security leaders:
- Consult more in their security decision-making processes and encourage feedback
- Be open to different ways of realizing their security requirements: i.e., don’t compromise on the “what” but be flexible on the “how”
- Treat accessibility and usability as an intrinsic part of any security requirement, rather than a separate add-on, including asking vendors for accessibility statements on their products