Escaping the echo chamber: How to make cybersecurity accessible for all

We’ve all experienced digital growing pains in the era of COVID-19. Whether it’s ordering food delivery off a smartphone for the first time or working through technical difficulties during a game of “Among Us” with friends, we’ve had to adapt to new ways of doing things online.

Although most of our moves to digital channels have made our lives more frictionless, they’ve also brought many cybersecurity challenges. Many users struggle to access online tools due to physical and economic barriers or low digital literacy, and too many companies don’t consider these issues when they develop their products. Companies that don’t address digital barriers risk making their apps and products inaccessible to many people, including older individuals as well as those affected by disabilities or socioeconomic factors.

For example, each year in the U.S., around 26,000 people experience the permanent loss of upper limbs. If you also include those with temporary and situational impairments (e.g., a temporary bone break or other injury on a limb), this number jumps to 21 million people each year, which accounts for nearly 7% of the U.S. population. So, if your product relies on access from a biometric fingerprint reader, for instance, or depends on someone having both hands free to check a card verification code (CVC), you’re excluding a significant number of people who could otherwise benefit from your offering.

Designing the user experience in an echo chamber

Many organizations don’t account for a diverse user population in cybersecurity and cyber resilience testing for apps and digital products.

One possible cause is a lack of time and resources. There’s a constant push for organizations to release new products or updates to keep pace with market demands. Because of this, many companies try to stay competitive and up to date by any means necessary and speed through product development.

Another factor is the lack of employee diversity in tech companies, whose workforces comprise mostly white and Asian men and skew to the younger end of the age spectrum (late 20s). When these majority populations develop an app or product, they risk being exclusive in their design by only considering their own knowledge, experiences and capabilities. This cycle can lead to many populations being underrepresented in user experience testing.

We also see this issue play out on a socioeconomic level. Given the high salaries of tech workers and their access to the latest technology, populations with reduced access to updated devices can also be neglected in the development of cybersecurity protocols. For the 23% of Americans who make less than $30,000 per year and don’t own a smartphone, security measures like facial recognition technology and biometric authentication are simply not an option.

Building toward more inclusive cybersecurity measures

It’s companies’ responsibility to address accessibility challenges when it comes to cybersecurity. Doing so can help organizations build user experiences that account for a diverse human population, while also enabling individuality. By changing your perspective, better understanding exclusionary factors and leveraging evolving technologies, you can help create a more inclusive user experience.

Incorporate passive biometrics and behavioral analytics: Passive biometrics build a user profile by looking at individuals’ inherent behaviors. The tech leverages movements such as how someone types, how they hold a device or move a mouse to enable access. This ability can expand the inclusivity of your cybersecurity protocols by simplifying access — your product or app doesn’t need to rely on one-time passwords, fingerprint scans or other exclusive tactics that may cause inclusivity issues. From a security standpoint, passive biometrics help your company identify the right person behind a device with great accuracy.

Behavioral analytics combine data sourced from device intelligence — data that helps filter out devices used by fraudsters in your network — and passive biometrics information to create a user behavioral profile (i.e., a summary of how someone interacts with their device). With a user’s profile to refer back to, you’re better able to identify any abnormal actions made by the individual, like typing too fast or using a different browser, and secure their profile in real-time. Behavioral analytics are effective for cyberattacks like human-driven account takeover or mass-scale attacks.

Prioritize accessibility in product development: Consider making accessibility a requirement for all of your product development projects. Thinking about a wide diversity of human experiences during the design process can help your company identify possible “user error” events that could hinder accessibility.

Evaluate your product development team and identify any areas (e.g., age, race, disability, etc.) where they’re particularly homogenous. This review can tell you where your team is most likely to miss a detail that could create an accessibility issue. Also, engage underrepresented populations and diverse age groups in your product testing phase. Consider working with outside sources to account for diverse user access. Organizations like the World Institute on Disability offer consulting and online resources to help companies ensure accessibility for the disability community.

The push for more inclusive user accessibility and cybersecurity measures is long overdue. But organizations have a critical opportunity to make things right through evolving technology and accounting for all consumer populations in product testing. As technology becomes an even bigger presence in our daily lives during the pandemic and over the long term, it’s time to build a better user experience for all.

If you’re curious how new and growing technology can help your organization create a more inclusive and secure user experience, reach out to our team to see how we can help.