By Surendra Singh, Country Director, Forcepoint
Alistair Maclean, the author of several thrillers, wrote a page-turner way back in the sixties, called the `Fear is the Key’. It is a tale about how fear can make your powerless but for the millennials who populate the cyber world, they know no fear.
Fearlessness is what makes the Millennials unique and gives them an ability to innovate and invent and at the same time their need for instant gratification makes them vulnerable, more so during their sojourn in the cyber world.
The millennials (those born after 1980) constitute one-third of the total workforce globally and by 2020, they will account for nearly half of that. The ever growing population also indicates that as an alarming rise in the number breaches come to light, it becomes important for the stakeholders to formulate policies which allows them to derisk their security concerns.
According to the findings of research firm, Softwareadvice, the millennials tend to ignore the dangers that lurk around when it comes to password reuse and are also risk-prone with social media use. What is more alarming, according to the survey, is the fact that more than half of them admit they would ``very’’ or ‘’ moderately likely’’ evade restrictive workplace controls. This is compounded by their reluctance to receive security training.
Personal activities lead to security breach
Another report from LaunchTech commissioned by cyber security firm, ForcePoint, said two thirds of those surveyed use personal device for their private and company work, while nearly one – third said they access social media at work.
The report goes on to add that one-third download third-party apps for productivity, use wifi to conduct banking transactions while one-fifth, shockingly, do not notify the IT department about those apps. That such behavior has resulted in security breach several times shows that the millennials are turning out to be incorrigible offenders.
These findings bring to question whether the employers themselves are fully aware of the risks their ``young’’ workforce pose to their respective organizations. Hence, according to cyber security gurus it is all the more important to identify the risk takers during the initial screening itself.
According to the US-based National Cyber Security Alliance, millennials aren’t naïve about the risks their behavior entails but it has also not paralyzed them from doing what they want to do.
The fact that the social media account of the founder of Facebook, Mark Zuckerberg got hacked last year shows that almost everyone is at risk. More so the employers and their organizations who use cloud more as a default to store their secrets and at the same time encourage their clients to use them extensively to drive their business growth.
Therefore, it becomes all the more necessary for everyone concerned to ensure that their workforce is made aware of the dangers of being lax in the cyber world; that the millennials’ comfort with technology can lead them to ignore security threats.
Security risks associated with cloud apps
According to an article in Fortune magazine quoting SoftChoice, a leading North American IT solutions provider, over 40 per cent of workers in all age groups say they’ve never been told how to securely move and store private company data, and 39 per cent “have not been told the risks of downloading cloud apps without IT’s knowledge.” The millennials are also not averse to point a finger at their respective IT Departments who they claim are too slow to approve their choice for using cloud-based apps.
This begs the question on what the stakeholders need to do to keep a check on those who tend to stray and make them to rein in.
They can for starters do the following: they can organize seminars or even offer short term training courses to make them aware of the perils of such ``unlawful’’ behavior in the cyber world; they can also bring in new rules which monitors them throughout the tenure of their employment and repeatedly correct them in case their behavior is about to result in security breach. The employees can also be allowed to work from anywhere they want and from any device they want to but the organizations should ensure that they control the access and grant them only when necessary.
The employees should be informed in advance the apps they can download, the areas they can visit in the cyber space and stick to only reputed marketplaces. They should also be made aware about the pitfalls of oversharing which the Millennials are prone to. The employees should also be encouraged to change passwords frequently and use different passwords for each account as in most cases seen so far, hacking of one can lead to another. They should also be asked to regularly check the privacy settings of their different accounts as this is an area where most employees are unaware of the damage that they cause for being casual.
But in an era where skilled manpower is a luxury, it is not easy to replace a worker, especially those who are good otherwise. Therefore, it is necessary to provide them additional tools such as password managers, two-factor authentication and even anti-phishing training which will only increase the loyalty among the employees.