Expectations to the contrary, digital natives are often guilty of sloppy cyber security habits
It will come as no surprise to anyone even vaguely aware of today’s changing social order that a new digital generation is rapidly taking over the corporate world. Seemingly overnight, this demographic cohort born between roughly 1980 and 2000, has become the largest generation in the North American workforce. And according to statistics from the UN, more than 40 percent of the world's population is under the age of 25.
At the same time a profound shift is happening in the way we work and the means we use to get it done. Technology and mobility have spawned a whole new set of workaday tools that a decade ago only existed in the minds of science fiction writers. Meaning this new generation of workers and these new workplace tools were made for – and by – each other. So it should logically follow that this tribe of digital natives should be more sophisticated in matters of cyber security.
However in a classic case of familiarity breeding contempt, those same Generation Y workers may be among the most cavalier when it comes to digital precautions, and as a consequence may leave their organizations more vulnerable to attack. This according to a new research from T-Systems, the corporate IT and cyber-security arm of Deutsche Telekom, Europe's largest telecommunications company. The study finds that Millennial employees are much more likely both to overestimate their knowledge and to employ unsafe practices.
The findings come from a survey of over 2,000 UK employees conducted for T-Systems by research agency Censuswide. The research found people in their twenties and early thirties are much more likely to consider themselves better-informed about cyber security than their older colleagues (about 50 percent rate themselves as "very knowledgeable" compared to an average 36 percent of all employees). But that confidence is perhaps misplaced. On detailed questioning, the research found that Generation Y employees were often less knowledgeable than their colleagues and more likely to undertake unsafe cyber security practices at work and at home, unwittingly exposing their work and home computers to viruses, malware and hackers.
For instance, they are less likely to change their passwords every few months (about 73 percent don't do this, compared to about 65 percent for older colleagues) and much more likely to reuse their e-mail password for other online services (about 32 percent compared to an average of 21 percent for all employees). The same overconfidence also applies to many male employees as well, who may overestimate their cyber security knowledge compared with female colleagues.
"While no age group is exemplary when it comes to cyber security, whether at work or at home, the 'digital natives' of Generation Y, perhaps surprisingly, appear to be less security conscious than their middle-aged and Baby Boomer colleagues,” according to Scott Cairns, the UK head of cyber security at T-Systems.
"Our research strongly suggests the problem lies with an overconfidence that comes from their very familiarity with electronic devices and the digital world. Generation X and Baby Boomer employees, compared to those in their 20s and early 30s, are often more cautious about their knowledge of IT and seem much more willing to tread carefully and follow cyber security protocols,” Cairns explains.
Courting DisasterWith cyber-attacks and high-profile breaches making headlines, the risks of being hacked are rising exponentially and the potential losses – both in financial terms and in damage to reputation – can be staggering. In September 2017, consulting giant Deloitte, which was once considered a top cyber-security consultant, reported a hack that went unnoticed for months. In May, credit monitoring agency Equifax admitted it had suffered an attack that exposed the personal data of 143 million customers.
Nor are these incidents either isolated or limited to large corporate targets. According to Urgent Technology, a global facilities maintenance and asset management software provider, hackers have breached half of the 28 million small businesses in the United States, and the CNBC SurveyMonkey Small Business Survey 2017 found that 14 million US businesses are at risk of a hacker threat.
Business travelers, with access to the entire corporate back-end through their mobile devices, take the virtual equivalent of their entire company with them on the road. Because, as the Urgent Technology report states, “a particular area of vulnerability is access by end users to any part of the network,” it is critical that travelers in particular receive training on what habits could compromise organizational security and enable hackers to exploit networked systems.
Scott Cairns at T-Systems agrees: "Cyber security education is essential for all employees, and employers should avoid making the mistake of overestimating security knowledge, especially in people who appear confident." However he adds, “our research found that despite the pace at which cyber-attacks are evolving, 66 percent of employees had received no up-to-date education within the past twelve months. Nearly 30 percent of employees say they have never had cyber security education at any employer."
The problem is not generational. Business travelers regardless of age are dependent on their devices to give them flexibility and enhance productivity on the road. But overconfidence and poor choices about cyber security can bring about a self-inflicted disaster that not only robs travelers of these valuable tools, but can cause widespread and oft times grave injury to the entire enterprise.