picture of online payment and cyber security

Although there has been an increasing awareness of both website accessibility and cyber security/threats in recent years, relatively little has been done to focus on cyber threats for the internet’s most vulnerable users.

With almost 2 million people in the UK, and 8 million in the US suffering from visual impairment, cyber security for the visually impaired is a growing concern for businesses and individuals.

Almost half of all blind and partially sighted people feel ‘moderately’ or ‘completely’ cut off from the world around them, and this is something that technology is helping to fight. Indeed, it can help to a degree but much more needs to be implemented for holistic cyber security.

Although technology can help people with disabilities maximise their potential, giving them access to information and the ability to work independently, execute errands, and communicate with others, it also introduces major cyber security risks.

According to McAfee, an estimation of the annual cost of cybercrime to the global economy is more than $400 billion.

Findings from previous studies suggest that people with visual impairments tend to use computers and the Internet at rates below the average for the general population, indicating that a major digital divide still exists for users who are visually impaired.

According to a U.S. Department of Commerce report from 2013, internet use in the U.S. among households with people with a disability is only 48% compared to 76% in households with people with no disability. Similarly, a recent 2013 Oxford Internet Institute report from the United Kingdom presented similar findings that indicate only 51% of people with a disability use the Internet, which is considerably less than the 84% of non-disabled respondents who use the Internet.

Internet users who are visually impaired are more vulnerable to cyber-attacks due to the absence or limitation of visual cues, the inaccessibility of visual cues, and a lack of software support to inform users about potential cyber security threats.

In addition to challenges encountered due to the structure and design of web pages, there are other cyber security challenges that users who are blind confront when surfing the web. These include the use of CAPTCHA, login sessions and timeouts, security updates, malware and phishing as mentioned by Holman, Lazar, & Feng in 2008.

One important challenge faced by visually impaired people is how to preserve their privacy and security in their daily lives. Sighted people are able to monitor their surroundings to protect themselves from privacy threats, such as sight lines where the visually impaired are not.

With regards to internet accessibility problems and security concerns while using the internet, the results of a 2007 study revealed that critical issues were mainly related to the structure and design of websites, for example, missing the alternate text, complex forms and auto-refreshing pages. Among those, the navigation structure and website organisation were the commonly reported difficulties due to the lack of accessible design and the overwhelming amount of information presented on web pages, as documented by Lazar et al in 2007. Such difficulties force individuals with visual impairments to spend an excessive amount of time to individually complete their intended tasks or to rely on other people for acquiring crucial information or completing everyday matters.

Risks for the visually impaired

Visual eavesdropping is another issue. Many visually impaired people are aware of the threat of visual eavesdropping, otherwise known as ‘shoulder surfing’ and try not to use their devices in public.

Many visually impaired people use accessibility features that read phone or computer screen content out loud. However, these features also create the risk of aural eavesdropping of private information by bystanders, since visually impaired people may not be able to tell if bystanders are present. Generally, screen reader users are more concerned about aural eavesdropping, which has been reported in supporting literature. A lot of hearing aids aren’t necessarily headphone compatible well.

Strong passwords are key for computer security, but the visually impaired struggle with password management because of their disability. Some record their passwords in a computer file and use screen readers to retrieve them, but this creates aural eavesdropping risks as well.

Typing in passwords securely is also difficult, screen radars make a generic ‘click’ sound for each key press when entering a password instead of the sound for the actual key, which prevents eavesdropping but makes it hard to enter the correct password for the user.

Many don’t always have the means to verify whether their account has been compromised. Modern web browsers try to prevent some attacks like phishing schemes, but these features are not always accessible. For example, many that screen readers interpret the URL in a browser by its display text rather than its contents, so it is difficult to identify a malignant URL. Other security cues like the lock icon verifying an encrypted connection are not easily confirmed by the visually impaired.

An additional complication is that the debugging information needed to diagnose a non-functional device is itself not accessible to a blind person. One candidate in the research noted that none of the accessibility tools installed on her computer worked until it was fully booted up, so she had no way to read errors during start-up.

Another candidate mentioned that a local bus operator’s website is not accessible, so she gives her credit card number to someone else to buy tickets. Another claimed their university website is not accessible, so he must ask someone to read his grades to him.

Many participants found online banking and shopping more accessible than visiting brick-and-mortar stores. In fact, the visually impaired people provide more status updates on Facebook more frequently than average, while sharing and commenting on just as many photos. However, one challenge they mentioned is the notoriously volatile and complicated nature of Facebook’s privacy settings. Facebook is constantly changing, for us one minute we can use it and the next minute we can’t because they are always changing the site. After posting content, it can be difficult for visually impaired users to confirm that the privacy settings are correct.

For further reading on how Fresh01 specialise in cyber security training, an eLearning example for a law firm can be found here, or to speak on a project concerning the vulnerability of visually impaired web users and to see how we can help, contact us now and we will be happy to offer an initial consultation.

List of references

Towards a Universally Usable CAPTCHA

Universal Usability