Millennials don't care about security
It's time to bust the myth. Millennials do in fact care about their security and online safety but are too trusting to recognise real threats.
I often hear this sentiment expressed in conversations with both IT and security executives.
It is implied that this younger, tech-savvy generation, who have now become an integral part of the business community, have a laissez-faire attitude to security. Moreover, the current generation of business leaders are reportedly struggling to properly integrate millennials into existing legacy security and risk frameworks.
The rising number of millennials in the workplace is often viewed as a major risk because the so-called "youngsters" don't take cyber security at work seriously enough. It is implied that they simply do not care!
I am not so convinced.
The modern workplace is an interesting environment and in my opinion it is unique. There are three distinct categories of people who have to combine/collaborate and augment each other's skills, if they are to generate ongoing value for a business. The business operates in, and is part of, a hyper-connected world and all three of these work categories have different knowledge, acceptance and understanding of technologies.
I break it down as follows:
The BBT category: Born Before Technology
This generation is more commonly known as the Baby Boomers. BBTs trust nothing around technology and often have difficulty adjusting to the thrust of modern solutions, especially around cloud technology and automation.
The BAT category: Born Around Technology
This is generations X and Y and while not being completely immersed in technology, this group is still young enough to adapt and adopt technology as it evolves. This group is said to perceive that modern technology and specifically cloud offerings are inherently risky. I would interpret this to mean they have a need for total control. This generation works with technology, but doesn't always trust it.
The BWT category: Born With Technology
This includes millennials and everyone younger. This generation, in contrast to the others, knows nothing but technology. They have always been connected to everything around them and have a natural trustworthy attitude towards all things technological and connected. This group knows nothing else: if they want friends, music, content, connectivity, entertainment, it is there for them instantaneously and on-demand. They can always get what they want at a swipe or a click. The BWTs are the first generation to have grown up using the Internet.
As they have been surrounded by technology from birth, they have grown to place immense and seemingly unwavering trust in all things technological.
Studies indicate that millennials are decidedly tech-savvy, even tech fundis, but surprisingly unaware of online security threats. Indications are that familiarity does breed contempt.
This naivet'e may be a contributing factor to the results of a 2013 survey by Marble Security, a mobile threat intelligence defence company in the US, that found 26.2% of young adults born in the US between 1980 and 2000 have had an online account hacked as compared to the national average of only 21.4%.
Studies also reveal that millennials engage in what can only be described as reckless online behaviour by connecting with public WiFi networks not secured by passwords, or using USBs given to them by non-trusted sources.
It would appear that many view security as a restriction to speed and access; they just want to get the job done and as quickly as possible.
To test whether millennials really do not care about security I decided to do something that my generation, the BAT crowd, doesn't usually do: I spoke to the BWT!
I found out that for the most part millennials' apparent indifference to this crucial issue is a false perception. The millennial does in fact care about cyber security; it just seems to be unclear in their frame of reference.
As they have been surrounded by technology from birth, they have grown to place immense and seemingly unwavering trust in all things technological. They have built in trust on connected platforms and people.
For example, if they are willing to share their lives with the world through social media, why would they not trust a stranger sending them an e-mail to their business e-mail address, especially if it is well-worded and professional?
Additionally, the younger generation do care about their security and online safety, but are willing to swipe right (the social media gesture for acknowledging a 'like') based on a single image because the unfamiliar profile comes from one of their known and trusted sources.
So in a nutshell: yes, millennials do care about their security and online safety but are perhaps just too trusting to recognise real threats.
The same concept can be applied to the business environment, where millennials are not adequately educated about security risks because technology does not scare them. The BWT cannot identify with security policies and acceptable use policies because they are simply thrust upon them without explanation. Obsessed with instant gratification, the BWT will not understand why they cannot simply click to get a movie or piece of music or perhaps take up that great "free" offer.
So, threats need to be addressed within their frame of reference.
Modern businesses must adapt to both the changing world and to those that make up their workforce. The BBT and the BWT cannot be dealt with in the same way. Awareness programmes must be adjusted to engage at the correct level and real-life scenarios must be used in order to deliver the right message.
Using a combination of policy, training and real-life simulations, we can ensure there is a peaceful and secure co-existence between all generations within the corporate ecosystem.
John McLoughlin has been involved in leading technology solutions for over 15 years and is the founder and MD of the J2 Software group of companies. He is driven by a passion for information security and compliance-focused technology offerings. McLoughlin has consulted around ICT policies, enforcement, productivity improvement, cost reduction and data loss prevention to many organisations in South Africa and elsewhere on the African continent. Through his vision, J2 Software is a provider of globally leading technology solutions that fulfil real business needs and deliver competitive advantage to J2's customers.