It’s sometimes easy to forget that the younger employees of today are the managers of tomorrow. If we fail to understand how they use technology and perceive security and privacy, it will have a major bearing on the workforce of the future, and the long-term ability of organisations to withstand cyber threats.
To shed some light on the issue, Centrify recently commissioned new in-depth research drawing on interviews with not only 1,000 UK office workers aged 18-24, but also 500 senior decision makers.
At a central London event last week, we gained some fascinating extra insight into how the next generation approach online security, with social media stars “Woody and Kleiny.”
Us vs. them
The Centrify research uncovered some uncomfortable gaps between perception and reality. Most notably, decision makers blamed younger workers for a range of security problems, including oversharing data, misusing technology, and causing data breaches.
In reality, however, managers were more likely to engage in multiple types of risky behaviour including password sharing with colleagues, visiting dubious websites, clicking on suspicious links and removing information from the company. Yet just 12% believed they were the main cause of security problems.
This “us versus them” dynamic between senior managers and younger employees needs to change if organisations want to get smarter about managing cyber risk.
Woody and Kleiny
We found out a lot from chatting to Woody and Kleiny on stage. As social media sensations with over a million followers on Facebook and Instagram, and YouTube videos which have garnered more than 50 million views, many of their fans will be part of the next generation workforce.
Their profile online has made them very keenly aware of the threats facing them from cyberspace. Woody claimed the impact of a security incident “could be massive,” with the duo having already experienced first hand an attempt by hackers to delete all of their Instagram followers and posts.
Kleiny also explained a highly convincing spear-phishing attempt which tried to trick them into visiting a spoof domain to divulge their log-ins. The same attack campaign had lost a fellow creator 100,000 followers after hackers hijacked their account and began posting.
It’s certainly taught them the value of multi-factor authentication and of not sharing any sensitive account information online. And while it’s perhaps unfair to treat Woody and Kleiny as representative of the next generation workforce, their outlook does align with that of many younger employees, as illustrated in our report.
How? In their grasp of social media, their understanding of and easy familiarity with technology in general, and their assumption of an always on, connected world in which to work.
Most telling, though, was their statement that “Instagram is our security:” betraying a commonly-held desire among next generation workers to abnegate responsibility for cyber protection to a third-party. In fact, less than half (48%) of younger employees we polled said they took partial responsibility for their role in online security and privacy at work.
Closing the security gap
The truth is that next-generation workers don’t represent a bigger security risk. Although some of the vox pop videos gathered by Centrify revealed poor security practice, such as using a single password across all accounts, it equally highlighted instances of poor implementation of corporate security policies and controls.
One interviewee claimed her boss sets her passwords, while another said that as a temporary secretary she has to hunt for the previous incumbent’s log-ins in each new role.
The reality is there needs to be a little movement on both sides to close the generation gap here. Decision makers must take the lead, starting with better end user education. But they should also do a bit of learning: only 39% told us they’re sure that they are doing enough to understand younger workers, while a fifth of senior managers said they don’t communicate with employees on security.
Decision makers need to lead by example: by improving their own security practices, and crafting and enforcing best practice controls backed up with watertight policies. In doing so, they must embrace the always-on, connected world taken for granted by Woody, Kleiny and the younger generation of employees.
Our poll revealed that 22% of managers are worried that young staff members expect immediate access to data. But they’re quite right to expect this. In fact, any dynamic digital organisation should be offering instant access.
The key is to enable it securely, which is where Zero Trust Security comes in: moving to a “never trust, always verify” posture, where users are authenticated, devices validated, privileges and access limited, and machine learning implemented to adapt security over time.
There’s plenty of room for improvement here, and plenty at stake too. So let’s diffuse the ticking time bomb by encouraging greater personal responsibility for security among younger workers and plugging in the tools that enable them to work in the agile, always-on way they’re increasingly demanding.
To read the complete report, download “Security, Privacy and the Next-Generation Workforce” here: https://www.centrify.com/media/4908531/cenrify_next-gen-workforce-report_final.pdf