Advancing accessibility and maintaining robust cybersecurity may not seem like an obvious pairing, but these two concepts are deeply intertwined. At Mimecast, we believe accessibility is not just an ethical consideration but a cybersecurity necessity. By designing inclusive systems, individuals and organizations are both protected from potential security breaches that arise from inaccessible systems.
Here's how accessibility enhances cybersecurity and how Mimecast is addressing these challenges head-on.
Poor accessibility doesn't just affect individuals with disabilities; it creates usability issues for everyone. For example, overly complex login processes, inaccessible training materials, or poorly labeled interface elements increase the likelihood of errors, shared passwords, and security oversights. This means that accessibility issues often translate into organizational vulnerabilities, elevating the risk of phishing, data breaches, or unauthorized access.
Disproportionate impact on people with disabilities
An estimated 22% of working-age adults are disabled, with 4.9 million disabled people in the workforce. Of these, many face unique cybersecurity challenges, such as:
- Difficulty identifying phishing attempts due to inaccessible designs or missing context, such as unreadable email headers or lack of clear logos.
- Barriers to security awareness training, where videos lack captions or alternative instruction formats.
- Exclusion from protective measures if additional security features, like CAPTCHAs or multifactor authentication (MFA), aren't accessible.
When organizations fail to address these issues, individuals are not only excluded but also left more vulnerable to fraud and harassment.
How accessibility can mitigate cybersecurity risks
Addressing accessibility fosters usability, which inherently boosts cybersecurity. By adopting these practices, organizations can create systems that are easier to use and more secure for all employees - not just those with disabilities. Here are practical examples of how inclusive design resolves common security risks:
1. Accessible authentication
- Problem: CAPTCHA challenges often hinder users who rely on screen readers or have cognitive disabilities, prompting them to seek help or share credentials.
- Solution: Replace CAPTCHAs with accessible methods such as biometric authentication or email-based verification codes. Implement Single Sign-On (SSO) solutions to simplify secure login.
2. Phishing awareness
- Problem: Phishing attempts often exploit UI inconsistencies, such as unlabeled email warnings or unclear domain identifiers.
- Solution: Ensure all email alerts are accompanied by accessible text descriptions so screen readers can interpret them. Use clear icons alongside explanations in text for multiple methods of recognition.
3. Accessible Security Awareness training
- Problem: Security videos without captions or text alternatives exclude individuals who are deaf or hard of hearing, indirectly lowering their understanding of best practices.
- Solution: Ensure training videos include captions, transcripts, and adjustable playback speed to accommodate all learners.
4. Universal design principles
- Design login forms and interfaces with:
  - High contrast ratios and large target sizes for users with low vision or limited dexterity.
  - Clear focus indicators for keyboard navigation.
  - Labels or alt text for all functional elements so assistive technologies can identify actions accurately.
  - Instructions that don't solely rely on color (e.g., red or green error indicators).
5. User-friendly password policies
- Problem: Frequent password resets or restrictions make compliance difficult, often leading to unsafe practices like password sharing or simplified credentials.
- Solution: Encourage password manager integration and reduce unnecessary barriers to password entry, such as disabling copy-paste functionality.
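The label requirement in section 4 and the paste and password-manager barriers in section 5 can be checked mechanically on a login form. The following Python check is an added example, not Mimecast code or part of the original article; `SAMPLE_FORM`, `FormScan` and `audit` are hypothetical names, and treating `autocomplete="off"` on a password field as a password-manager barrier is an assumption of this example.

```python
from html.parser import HTMLParser

# Constructed sample markup (not from the page) showing section 4 and 5 problems.
SAMPLE_FORM = """
<form>
  <label for="user">Email</label>
  <input id="user" type="email" autocomplete="username">
  <input id="pw" type="password" onpaste="return false" autocomplete="off">
  <label>One-time code <input id="otp" autocomplete="one-time-code"></label>
  <input type="hidden" name="csrf" value="constructed">
</form>
"""

class FormScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.label_for, self.inputs, self.in_label = set(), [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "label":
            self.in_label += 1
            if a.get("for"):
                self.label_for.add(a["for"])
        elif tag == "input" and a.get("type") not in ("hidden", "submit"):
            # Record whether the input sits inside a wrapping <label>.
            self.inputs.append((a, self.in_label > 0))

    def handle_endtag(self, tag):
        if tag == "label":
            self.in_label = max(0, self.in_label - 1)

def audit(html):
    """Hypothetical helper: return (input id, problem) pairs for a form."""
    scan = FormScan()
    scan.feed(html)
    scan.close()
    findings = []
    for a, wrapped in scan.inputs:
        name = a.get("id", "input")
        # Labels may appear after the input, so resolve `for` targets last.
        if not (wrapped or a.get("aria-label") or a.get("aria-labelledby")
                or a.get("id") in scan.label_for):
            findings.append((name, "no label for assistive technology"))
        if "onpaste" in a:  # inline handlers only; scripted listeners need a browser test
            findings.append((name, "inline onpaste handler may block paste"))
        if a.get("type") == "password" and a.get("autocomplete") == "off":
            findings.append((name, "autocomplete=off hinders password managers"))
    return findings
```

Running `audit(SAMPLE_FORM)` flags only the `pw` field; the explicitly labelled email field and the one-time-code field wrapped in a `<label>` pass.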
How Mimecast leads the way in inclusive cybersecurity
At Mimecast, accessibility and cybersecurity go hand in hand. We're committed to mitigating risks while ensuring no one is excluded from critical security measures. Here's how our solutions reflect these principles:
- Data loss prevention. Our Incydr solution mitigates risks of data misuse, ensuring sensitive information doesn't migrate from secure systems to insecure environments like personal email accounts or external storage.
- Spoofed email prevention. Solutions like DMARC Analyzer block spoofed emails before they even reach a user's inbox, reducing reliance on the user's ability to spot suspicious emails.
- Security Awareness Training. Mimecast's Engage delivers inclusive, easily digestible training with accessible videos and interactive resources to reinforce best practices.
- Real-time nudges. Our security nudges provide instant reminders while users are actively interacting with emails or systems, reducing mistakes without relying solely on infrequent training sessions.
- Single Sign-On (SSO). SSO simplifies authentication processes, ensuring secure login with minimal barriers, particularly for users with learning disabilities or limited fine motor control.
- Anomaly detection. Our systems identify suspicious login behaviors, like access from abnormal locations, helping to protect accounts in cases of stolen credentials.
- Built-in warnings. Accessible email banners and warnings allow all users, including those reliant on assistive technology, to comprehend security notifications without ambiguity.
- Inclusive reporting. Reports and dashboards in Mimecast tools are designed for clarity, ensuring important details are accessible even when resized or magnified.
A call to action for inclusive design
Cybersecurity and accessibility are not mutually exclusive; in fact, they are complementary. By prioritizing inclusivity, organizations can mitigate security risks, creating a safer, more cohesive digital environment for everyone. At Mimecast, we're bridging the gap between accessibility and cybersecurity one solution at a time.