NCSC: It’s Time for CISOs to Prioritize Accessibility

A leading UK security agency has urged organizations to help reduce cyber risk by ensuring accessibility is built into cybersecurity policies, processes and technologies.
Lee C from the NCSC’s Sociotechnical and Risk Group cited government statistics revealing that nearly a quarter (22%) of British working-age adults are disabled, with 4.9 million currently in the workforce.
“There are many reasons to address accessibility, whether meeting legal requirements, delivering better operational outcomes, or attracting and retaining a more diverse set of talent,” he argued.
“Addressing accessibility also provides cybersecurity benefits by making systems more usable and making human errors or workarounds less likely. Conversely, if we fail to consider accessibility, these risks increase.”
He gave several examples of how security can be inaccessible for some people. These include awareness campaigns not written in simple language; complex interfaces and audio-only/visual-only warnings; and color schemes that may be inappropriate for those with color blindness.
Lee C argued that accessibility is often seen as “someone else’s responsibility,” or that usability and security cannot co-exist.
“This is surprising given the number of incidents which still claim ‘human error’ as a contributing factor,” he added.
“Considering accessibility within your security requirements is a great way of ensuring that you are actively considering your ‘human factors risks,’ and that you are stress testing your security against the conditions where people will find it most difficult to use, and where human errors will be most likely.”
The NCSC recommends that security leaders:
- Consult more in their security decision-making processes and encourage feedback
- Be open to different ways of realizing their security requirements: i.e., don’t compromise on the “what” but be flexible on the “how”
- Treat accessibility and usability as an intrinsic part of any security requirement, rather than a separate add-on, including asking vendors for accessibility statements on their products