How to Make Cybersecurity Training Accessible

1 October 2024 at 14:25

We repeatedly hear that human behavior is an essential element of any organization’s security, arguably the most critical.

Therefore, most training programs focus on putting people first. But do you think everyone can access and understand your training? 

Accessibility needs to be a fundamental part of your awareness program. Furthermore, your security strategy needs to permit accessible options. For the millions of people living with disabilities, inaccessible training and tools leave them vulnerable – which becomes a vulnerability for our organizations and society. To create a safer digital environment, we must ensure that cybersecurity training is accessible and inclusive. You can start making your training accessible today.  

Understand the unique needs of employees with disabilities 

Disabilities come in many forms, including physical, cognitive, and sensory impairments. These present distinct challenges when interacting with digital systems, particularly cybersecurity tools that often require fine motor skills, clear visual perception, or cognitive focus. For instance, a visually impaired person might struggle with CAPTCHA verification, while someone with a hearing impairment may miss critical audio alerts during security processes. 

Inaccessible protocols make it difficult for people with disabilities to complete basic cybersecurity tasks, increasing the risk of human error or insecure workarounds. Employees with disabilities are just as invested in maintaining security as their peers, but without accessible tools and training, they are often unintentionally excluded from these efforts. 

For example, if a person has a visual impairment, using facial recognition for multi-factor authentication on a smartphone would be difficult because they might be unable to match their face with the phone’s camera.  

However, accessible training is a good practice even if you don’t think anyone on your team requires accommodation. Consider the three following scenarios: 

  • A coworker is deaf.
  • A coworker is working at a noisy coffeeshop without headphones.
  • A coworker has a hard time hearing because of an ear infection.  

If your training video doesn’t have a transcript or closed captions, none of these coworkers can learn from it. By making accessibility a priority, you improve the reach of your program for everyone.

Common accessibility challenges in training and awareness programs

Traditional cybersecurity training methods frequently fall short of addressing the needs of employees with disabilities. If the effort isn’t spent making them accessible, training materials such as video tutorials or interactive platforms might rely heavily on visual or auditory cues without offering alternative formats. People with visual impairments may struggle with videos lacking closed captions or alternative text. Those with mobility issues may find navigating training modules requiring precise mouse clicks challenging. 

Additionally, your training might emphasize speed and efficiency, which disadvantages people who require more time to process information or interact with digital tools. As a result, employees with disabilities may miss critical training details, leaving them underprepared for potential security threats. This puts them at risk and increases the organization’s overall vulnerability. 

Creating accessible cybersecurity training is not just about compliance with regulations; it’s about fostering an inclusive security culture that empowers all employees. Accessible training ensures everyone can fully engage with and adhere to security practices. 

When organizations prioritize accessibility, they create a more supportive environment where employees feel valued and capable of contributing to their workplace security. This inclusivity reduces the risk of errors, improves overall security compliance, and promotes a culture of trust and safety. Moreover, accessible training benefits all employees by offering easy-to-follow materials catering to various learning styles and preferences. 

One out of every four Americans lives with a significant disability, but we have a long way to go to make the internet accessible to everyone. A recent WebAIM survey found that 96% of website homepages failed to meet one or several international accessibility guidelines.  

So accessibility isn’t just a goal for training – we must work to ensure all cybersecurity protocols are accessible to everyone, too.

Accessible and secure by design

Designing accessible cybersecurity solutions starts with understanding usability and people’s diverse needs. Accessibility doesn’t mean compromising on security; it means finding innovative ways to ensure that everyone can participate in keeping an organization secure. This includes design choices that account for visual, auditory, and cognitive differences. 

Some key strategies for accessible design include: 

  • User-friendly interfaces: Implementing interfaces that are easy to navigate, with clear fonts, proper color contrast, and simple layouts that accommodate screen readers or other assistive technologies.
  • Alternative formats: Providing alternative content formats, such as text descriptions for visual elements or captions for video content, ensures that people with different disabilities can access the same information.
  • Flexible input methods: Offering options like keyboard navigation, voice commands, or biometric authentication (e.g., fingerprint or facial recognition) can cater to users who struggle with traditional methods like passwords or CAPTCHA. 

When accessibility is built into cybersecurity tools from the start, it not only benefits employees with disabilities but also improves the overall user experience.  

For example, state governments in the United States must adhere to Web Content Accessibility Guidelines (WCAG) 2.1 Level AA. These guidelines provide specific criteria for digital content that is usable to all and are a good place for your organization to start.  

Involve your people in accessibility efforts

No one understands the accessibility needs of your team better than your employees. Engaging your team in the design, testing, and feedback processes leads to more effective and inclusive security solutions. Encouraging open dialogue allows organizations to identify specific accessibility barriers and develop tailored strategies that address them. 

Collaborating with accessibility experts and user experience designers will enhance these efforts. By working together, organizations can ensure that their security practices are robust yet adaptable to the diverse needs of their workforce. 

In cases where security policies may conflict with accessibility needs, such as strict password policies that are difficult for some users to manage, flexibility is vital. Explore alternative methods that meet security requirements while accommodating employees’ needs – there’s more than one way to MFA, for instance. A culture of collaboration empowers employees to maintain security without compromising their ability to perform their roles effectively.

The post How to Make Cybersecurity Training Accessible appeared first on National Cybersecurity Alliance.

What is Pig Butchering and How to Spot the Scam 

27 September 2024 at 10:58

“Pig butchering” is a scam that’s been muscling into the headlines lately.

The unsettling term for these scams, pig butchering, suggests that scammers take their time to “fatten up” their victims and take as much money as they can.

These scams are also called “accidental text” scams because they often begin with a seemingly innocent mistaken text. These scams are defined by the fact that they take place over a long period of time, and they frequently combine multiple scam tactics. 

You can keep your wallet off the chopping block by watching out for red flags and protecting your data.  

Pig butchering scam meaning

The term “pig butchering” is a translation from the Chinese term shu zhu pan, which can also be translated as “killing pig plate.” For the scammers, the “pig” is a victim to be fattened up for slaughter so the scammer can siphon off as much money as possible. Pretty nasty stuff!

Shu zhu pan scams were first identified in China in the late 2010s, perpetrated by fraud networks that targeted Chinese offshore gamblers. Many of the organized crime outfits that specialize in pig butchering are still based in Asia but target people all over the world.

What is pig butchering? 

Pig butchering is very similar to romance scams, which have been around for decades, and other cryptocurrency scams that sprouted as crypto became mainstream over the past 10 years.  

As pig butchering scams have proliferated, they seem to share several traits:

  • “Accidental” contact: Scammers often pretend they contacted the potential victim by mistake. While contact can occur through texts, it can also happen through social media DMs, dating sites, or other electronic communications.  
  • Crypto investment: After conversing with the target, the scammer will try to persuade them to invest in a cryptocurrency or platform. They may also suggest gold trading or forex (foreign exchange markets). In pig butchering, all these “investments” are fabrications, and the money goes straight into the scammer’s pocket.  
  • Extended contact: The scammer will insist on continued investment once they’ve hooked a victim. They might produce fake charts or even send over small “withdrawals” to convince the victim. Sometimes a target is directed to a fraudulent app that mimics financial platforms like Robinhood or Coinbase. Once the victim catches onto the scam or seems to be tapped dry, the scammer ends contact and disappears.

Pig butchering red flags 

The best way to avoid becoming a pig butchering victim is to be suspicious of any seemingly mistaken contact. This includes texts, messaging services like WhatsApp, online dating platforms, and social media. As generative AI becomes widespread, “wrong number” phone calls and even video calls could be pig butchering scams.  

These texts can be simple (“Hi.”), conversational (“Long time, no see”), and even downright whimsical, suggesting an intriguing story (“It’s been forever since our last charity gala!”). 

A good rule of thumb is to never respond to any communication from a stranger. Don’t even tell them they’re texting the wrong number.  

Here are some general pig butchering red flags to look out for: 

  • Seemingly accidental or mistaken contact, but the person wants to keep talking.
  • Conversation turns to investments in cryptocurrency, gold markets, or forex.
  • Continued, sustained contact to encourage repeat theft.  

How the scam works 

Most of these scammers work from offices and are forced to scam by organized crime syndicates. Many perpetrators are actually human trafficking victims lured in by the promise of a call center job, for example.  

Scammers can buy batches of phone numbers stolen in data breaches or phone numbers from legal data brokers. They then send fake messages to millions of phone numbers hoping someone will respond.  

Once a person responds, even with “you have a wrong number,” the scammer will strike up a conversation.  

At some point, the conversation will pivot to investment opportunities. The scammer might say they know about a great new cryptocurrency or a trading platform. They will make the investment sound as legitimate as possible by sharing screenshots or sending pics of their apparently glamorous lifestyle.   

Sometimes, victims are added to a group chat with many people discussing investments. The group is all scammers, or it might just be one person using multiple profiles! 

If you agree to invest, the scammer will focus on getting you to invest more and more money. They will share doctored images showing incredible returns. They might control an app or website that you can engage with. In rare cases, they might even send you some money as a fake withdrawal or dividend. 

Pig butchering scammers are ruthless – after you’ve “invested” all the money you have at hand, they will ask you to dig into retirement savings, and then try to convince you to borrow money and go into debt.

If you ask for your money back, the scammers might agree but then claim they need more money to handle “tax problems” or brokerage fees.  

Once the scammer decides that the pig is thoroughly butchered, they will cut off communication. This usually happens after they’re convinced the victim has no more money to steal or the victim becomes suspicious. If the scammer can access the victim’s bank account, they will empty it.  

What to do if a pig butchering scam happens 

If you think you’re a victim, stop all contact with the suspicious person and stop investing money. Report the crime to your bank and IC3 right away. The longer you wait, the harder it is to reverse fraudulent transactions.  

To reduce the risk of being caught up in a pig butchering scheme, be mindful of what personal data you share online and follow other cybersecurity basics. 

The post What is Pig Butchering and How to Spot the Scam appeared first on National Cybersecurity Alliance.
