Millennials often seem to clash with other generations in the workforce due to their differing attitudes and expectations at work and the result can be unhappy Millennials and unhappy managers, as detailed in this Inc. article. With Millennials already accounting for more than one third of the workforce currently and set to hit roughly half of the workforce by 2020, it begs the question of how Millennials and their differing attitudes and expectations will affect the state of cybersecurity at the workplace in the coming years.
In recent years, there has been much media attention paid to the apparent lack of concern about security among Millennials, who expect easy access to technology, even at the expense of strong security.
U.S. News & World Report reported last year, citing previous studies by Raytheon and the National Cyber Security Alliance, that 72 percent of the Millennials surveyed had connected to unsecured public Wi-Fi; 52 percent had plugged in a USB device given to them from someone else; and 23 percent of Millennials admitted to sharing an online password with a non-family member within the past year.
A study by TrackIt, cited by Wired Magazine, found that 60% of Millennials “aren’t concerned about corporate security when they use personal apps instead of corporate-approved apps.” Additionally, 70% of Millennials admitted to bringing outside applications into the enterprise in violation of IT policies.
Fortune, citing research from Softchoice, recently reported that other risks among millennial workers include increased likelihood of using unauthorized cloud applications, such as Dropbox or Google Docs, and increased likelihood of displaying passwords in plain sight, such as on a Post-It note.
Joan Goodchild, editor-in-chief of CSO, told U.S. News & World Report, "Millennials, who have grown up around technology and are so used to using it, might not view that device they are bringing to work or that computer they have been given to get their work done on as something as insecure. They really see it as a tool to get things done."
Michael Kaiser, executive director of the National Cyber Security Alliance told USA Today, "It's not like they're naive about the risks. Risks don't necessarily paralyze people from doing what they want to do."
So what can organizations do to increase security as Millennials continue to increase in numbers among the workforce? The Institute for Homeland Security Solutions has published a fairly comprehensive report, which details both the risky behaviors exhibited by Millennials as well as recommendations for educating and engaging with Millennials on security topics to modify behavior.
Beyond educating Millennial workers on the risks and best practices, it’s important to implement strong security controls as part of an effective information security program. Elements such as Security Monitoring and Vulnerability Management continue to be important aspects of an effective program. If you’re a smaller organization without the time, budget, or resources to take on these elements alone, EiQ may be able to help. EiQ’s SOCVue services deliver the people, process, and technology to enable organizations to build enterprise-class security programs at a fraction of the cost of alternate solutions.