Oh the folly of youth; more than a third of senior executives believe that younger employees are the “main culprits” for data security breaches in the workplace, although bosses do not escape the blame as they appear to give youngsters unfettered access to the most sensitive data companies hold.
A new independent study into attitudes of the next generation workforce about cybersecurity, commissioned by Centrify and carried out by Censuswide, sought the views of 1,000 18- to 24-year-olds and 500 decision makers in UK organisations.
While bosses overwhelmingly blame the youngsters, these same decision makers are doing very little to allay their own fears, with over a third of 18- to 24-year olds able to access any files on their company network and only one in five having to request permission to access specific files. Less than half (43%) have access only to the files that are relevant to their work.
When it comes to what keeps decision makers awake at night, password sharing tops the list (56%), but nearly a third (29%) of younger workers reveal that they are in the driving seat when it comes to password changes, with their employers leaving it to them to decide when they need a password change. Furthermore 15% of them admit to freely sharing passwords with colleagues.
Asked how younger employees could negatively affect the workplace, 47% of bosses worry about them sharing social media posts and the impact these could have on brand and reputation. Conversely, one in five workers are not bothered about how their social media activity might affect their employers – and 18% freely admit that their posts could compromise employers’ security and privacy policies.
Less than half say their company has social media guidelines in place, a factor which the report’s authors insists highlights the need for strong social media access controls that follow the principles of a ‘Zero Trust’ approach to security, which assumes that users inside a network are no more trustworthy than those outside the network.
The next generation of workers’ “always on” approach to technology – with no experience of an offline world – further reinforces the need for robust security policies. When it comes to this generation of workers, 40% of bosses are concerned about their misuse of devices, while 35% say they are too trusting of technology and 30% worry they share company data too easily.
Centrify chief technology officer EMEA Barry Scott said: “Some may think of younger workers as always online, always ready to share information and perhaps not being as concerned about privacy or security as older workers, but we must remember they are the business leaders of tomorrow and we must help not hinder them.
“While it’s clear that employers are concerned about this new generation entering the workforce – and see them as a potential risk to both the business and brand – these same companies are perhaps guilty of not putting in place the right security processes, policies and technologies. If you give employees access to any information at any time from any place, or fail to enforce strict password and security policies, they are likely to take full advantage, putting both their own jobs at risk as well as the company itself.”
Top brands caught with trousers down on email security
Firms warned over new wave of nefarious cyber attacks
UK firms ‘leaving themselves wide open to ransomware’
Rehab camps to turn hackers into cybersecurity experts
Data breaches ‘hit shares, sales and growth for years’
25 million UK adults in the dark over theft of their data
Bargain hunters urged not to get hooked by phishing