New survey reveals senior managers are finding it harder to understand the next-generation workforce, which is making it difficult to assess and guide attitudes to security and privacy at the office
In a bid to measure what managers think of the next-generation workforce’s approach to security and to compare it to real-world attitudes and practices, Centrify working with UK survey group Censuswide, interviewed 1,000 UK office workers aged 18-24 and 500 senior decision-makers (excluding sole traders) who spend at least 25 per cent of their time in the office.
The research found a significant gap between perception and reality in managers’ views of younger workers, along with a lack of action among senior decision-makers to fix cybersecurity problems within their organisations.
The main culprits
One data point that stood out in the survey was executive concern around younger employees’ security consciousness.
More than one-third of senior executives believe that younger employees are the ‘main culprits’ for data security breaches in the workplace. The study also revealed that these same decision-makers are doing very little to allay their own fears, with over a third of 18-24-year olds able to access any files on their company network and only one in five having to request permission to access specific files. Less than half (43 per cent) have access only to the files that are relevant to their work.
While password sharing tops the list at 56 per cent as to what keeps decision-makers awake at night, 29 per cent of younger workers reveal that they are in the driving seat when it comes to password changes with their employers leaving it to them to decide when they need a password change. Furthermore 15 per cent of them admit to freely sharing passwords with colleagues.
Attitudes to online behaviour
When they do want to share, social media is the channel of choice for next-generation workers, and this stood out as a risk factor that worried decision-makers.
47 per cent of decision-makers worry about younger employees sharing social media posts and the impact these could have on brand and reputation. Conversely, one in five workers are not bothered about how their social media activity might affect their employers and 18 per cent freely admit that their posts could compromise employers’ security and privacy policies. Less than half say their company has social media guidelines in place, highlighting the need for strong social media access controls that follow the principles of a ‘Zero Trust’ approach to security, which assumes that users inside a network are no more trustworthy than those outside the network.
The next generation of workers’ ‘always on’ approach to technology with no experience of an off-line world further reinforces the need for robust security policies. When it comes to this generation of workers, 40 per cent of decision-makers are concerned about their misuse of devices, while 35 per cent say they are too trusting of technology and 30 per cent worry they share company data too easily.
While 79 per cent of decision-makers report having a strong security policy in place and 74 per cent of them think that their employees abide by it, over a third (37 per cent) feel that young workers are too relaxed about security policies.
Barry Scott, CTO EMEA, Centrify. said: “Some may think of younger workers as always online, always ready to share information and perhaps not being as concerned about privacy or security as older workers, but we must remember they are the business leaders of tomorrow and we must help not hinder them.
“While it’s clear that employers are concerned about this new generation entering the workforce and see them as a potential risk to both the business and brand, these same companies are perhaps guilty of not putting in place the right security processes, policies and technologies. If you give employees access to any information at any time from any place, or fail to enforce strict password and security policies, they are likely to take full advantage, putting both their own jobs at risk as well as the company itself,” he added.
Managers’ assumptions that next-generation workers are the root of cybersecurity problems in the workplace may be overstated, but there are some areas, such as social media use and password management, where younger workers do need extra mentoring. Decision-makers can do more to address this problem by putting technical controls in place, refining security policies and communicating them effectively to employees. Equally important is leadership and the need for decision-makers to set a good example. If managers can demonstrate a commitment to security through their own policies and actions, then the next-generation workforce will surely follow.