For Security Awareness Training to be effective, accessibility must be considered, and courses must be designed to be inclusive and accessible.
Accessibility is about making something available to everyone. To enforce this, technology firms are often mandated to build solutions that can meet the needs of all users, including those with disabilities.
For example, the UK Government mandates that any technologies that they use, and that are supplied to them, must comply with the international WCAG 2.1 accessibility standard. But accessibility is a broad term. It typically covers people who have disabilities, such as hearing or visual impairment, but it also includes people who may be neurodiverse, and it should also include non-native language speakers.
Here are some ideas to make sure that your security awareness is accessible to all.
Security Awareness and Accessibility
Security Awareness Training typically includes making digital content usable by everyone. Take, for example, MetaCompliance’s eLearning library of online content. This content is designed to meet the WCAG 2.1 accessibility standard. The provision of accessible training materials is part of the overall attention to your audience, and accessible training content helps to build the foundation of an effective security training program. It is, therefore, crucial that your Security Awareness Training campaign embraces accessibility.
Here are a few tips to ensure that your Security Awareness Training is accessible for all:
Security Awareness Should be Accessible-By-Design
A single security mishap can lead to major company damage involving ransomware, data loss, or Business Email Compromise (BEC); therefore, everyone must be covered by the security training. Start as you mean to go on; make your Security Awareness Training accessible-by-design.
Develop requirements for your Security Awareness Training that are inclusive and cover your entire user base. Begin by defining who your audience is and what they need to ensure they can take part in the security training:
- Do you need to offer training in multiple languages?
- Do some employees require additional help to see or hear training content? For example, do some users need assistive technology, such as a screen reader?
- Are some of your employees neurodivergent? For example, are they classed as autistic, or do they have dyspraxia, attention deficit hyperactivity disorder (ADHD) or dyslexia?
Adjust Training to Meet Your Audience Needs
Security awareness is focussed at the individual level. However, once an individual’s behaviour changes to a positive security stance, it will form part of a wider security culture that helps ensure your organisation is cyber-safe.
The individual needs must become part of the overall security training program to ensure everyone is accommodated. Once you have established the wider scope of your audience, taking accessibility into account, you can design your security awareness program. You will need to decide what elements of the security awareness need to be adapted to ensure accessibility:
- Use languages other than English: localisation of security training materials is essential for non-English language speakers as this ensures the level of understanding of the content needed for it to be effective. MetaCompliance Security Awareness Training is available in more than 40 languages.
- Visually impaired users: trainees who are visually impaired should be able to interact with the security training materials using devices such as screen readers. For example, components such as ChatWidgets should read messages out loud.
- Accessibility standard, WCAG 2.1 A: Training content should meet the requirements of the internationally recognised accessibility standard WCAG. This standard sets out the baseline requirements for disabled users to ensure a great online experience.
Implementing Accessible Security Awareness Training
Once you understand your audience’s accessibility needs, you need to implement the details of the program. As with all methods of tailoring security awareness, such as roles-based training, your program must be targeted.
For example, ensure that you make the appropriate language versions of the program available and choose a Security Awareness Training solution that supports WCAG standards. However, there are also several other elements that ensure that all users, no matter who they are, will have a positive experience of Security Awareness Training:
- Learn from metrics: as well as meeting WCAG accessibility, the act of understanding your audience at a detailed level can be a trial-and-error exercise. Advanced Security Awareness Training programs will measure the effectiveness of your training. Use these metrics wisely to identify people who are not responding as expected. Adjust the training and re-measure until you hit the spot and the user responds to the material.
- Don’t force people to work in groups: some folks are just not well-adapted to working in groups. Offer individual training programs alongside group activities.
- Be clear and concise: when developing training content, use language that is clear and unambiguous.
- Use closed captions: if you use videos in your training, add closed captions.
- Offer point-of-need learning opportunities: everyone benefits from feedback. Use a Security Awareness Training solution that provides a stop and learn (point-of-need) approach, to teach people where they have gone wrong during a session. However, make sure that the point-of-need learning follows the accessibility standards of WCAG and offers localisation options.
Security Awareness Training is about building a group culture of security, but the training acts upon the individual. Therefore, Security Awareness Training must be accessible to all. By tailoring the training and following some basic tenets of accessibility, you can ensure that your security training programs are accessible to all and effective across your organisation.