As the younger, “millennial” generation makes its way into the workforce, security experts are concerned that this group’s attitudes toward privacy, combined with expectations regarding what devices and apps they can access at work, will bring new cybersecurity challenges to the workplace.
According to Software Advice, this group (defined as those born after 1980), have the worst password reuse habits of all demographics: A full 85% admit to re-using credentials across sites and services. They are also most likely to find security workarounds, and take an often cavalier attitude towards social media privacy.
In terms of the scale of the potential problem, in 2015, the firm noted that millennials will become the largest demographic in the workforce, with a population of more than 75 million.
Some say that as such, the entire cohort represents a new attack vector, emanating from the inside. Author and security expert Steven Weisman told Software Advice that he considers millennials “a tremendous risk to the data security of their employers.”
On the passport front, millennials use more online services and apps than their parents and grandparents, and thus have a greater quantity of passwords to remember. So, Software Advice points out that employees can be encouraged to use password managers, which create unique credentials for all accounts, but that can be managed through one, strong master password.
Businesses can also implement two-factor authentication, which combines a password with a randomly generated number that is sent to the user and that changes at each login, thus rendering compromised credentials useless.
But regardless of what password protections are in place, the report points out another potential security problem associated with millennial employees who tend to have a “‘just get the job done” mentality. Namely, they look for ways around security if they perceive security as a barrier. In fact, a full 56% admit they would be “very” or “moderately” likely to evade restrictive workplace controls.
Interestingly, 15% of millennials say they are “very likely” to find a way around security controls they consider too restrictive, versus 13% each of Gen-Xers and boomers. But the results for “moderately likely” tell a different story. Here, 41% of millennials—versus 29% of Gen-Xers and 15% of boomers—say they are willing to consider finding a workaround.
“Perhaps facility with technology is the significant factor here: A generation with greater familiarity with these tools is more likely to consider each situation on a case-by-case basis, whereas those without the required skills will not even try,” the analysts said in the report.
Paul Caiazzo, chief security architect for risk management and compliance firm TruShield Security Solutions, said in the report that, “tech-savvy employees” are adept at finding tools to circumvent (for instance) restrictions placed on their social media use. However, he adds that even if a corporation does succeed in blocking all social traffic, it “runs the risk of alienating these young professionals.”
Users may also be sending confidential information outside the network, Caiazzo continued. Here, the “most mature organizations combat the problem by combining endpoint monitoring with intelligent content-based filtration and alerting businesses when sensitive information goes AWOL, but “this technology must be well-configured and must not be seen as a silver bullet.”
Speaking of social media, it’s known that this can provide criminals with a rich trove of information to be deployed in phishing attacks on businesses. Some experts fear that millennials’ more relaxed attitude toward online privacy increases this risk.
Weisman explained, “Millennials are tremendously comfortable with, and active users of, great amounts of social media—but unfortunately, do not often do so with the proper security precautions, which can lead to data breaches.”
However, it should be said that in this sense, risky behavior can be found across demographics: 16% of millennials and 14% of Gen-Xers accept social media invites from strangers “most of the time.”
“People who grew up oversharing on social media often do not comprehend, from a practical level, the full gamut of what they should not be sharing—even after being told of privacy and confidentiality policies,” says cybersecurity expert and Forbes contributor Joseph Epstein. “They simply do not have the same sensitivities as prior generations.”