Open all hours

UK organisations are leaving themselves vulnerable to the threat of cybercrime with over a third of 18-24-year-olds able to access any files on their company network and only one in five having to request permission to access specific files. Less than half (43%) are restricted to accessing only the files that are relevant to their work. This is according to a revealing new independent study into attitudes to cybersecurity among the next generation workforce, commissioned by Centrify, a leading provider of Zero Trust Security through the power of Next-Gen Access.

Yahoo, Equifax, and Uber are just some of the high-profile brands hit by breaches during the past twelve months, and younger workers may pose the biggest risk in terms of data breaches to organisations and their brands. Senior executives appear to think so, with more than a third believing that younger employees are the “main culprits” for data security breaches in the workplace. It appears that young workers are posing a real threat to company security with one in ten young of them doing things they shouldn’t online during work hours including gaming, vlogging, blogging, sharing apps and downloading unofficial applications.

The study, conducted by Censuswide, sought the views of 1,000 next generation workers (18-24-year olds) and 500 decision makers in UK organisations to discover how security, privacy and online behaviour at work impacts the lives of younger employees and the companies they work for.

Younger workers are in the driving seat when it comes to password changes, with 29 per cent revealing that their employers leave it to them to decide when they need a password change. Furthermore 14 per cent of them admit to freely sharing passwords with colleagues. Conversely password sharing tops the list of decision makers’ greatest concerns, with 55 per cent saying it keeps them awake at night.

Social media obsessed

In today’s social media obsessed world one in five workers are not bothered about how their social media activity might affect their employers – and 18 per cent freely admit that their posts could compromise employers’ security and privacy policies. Yet 47 per cent of decisions makers are worried about them sharing social media posts and the impact these could have on brand and reputation, while less than half of young workers say their organisations have social media guidelines for them to stick to.

More work is needed to remove this divide, and adopting a ‘Zero Trust approach’ to security – which assumes that users inside a network are no more trustworthy that those outside the network – is clearly a necessity.

 

‘Too relaxed’ about adhering to policies

This new generation of employees entering the workforce has an ‘always on’ approach to technology – with no experience of an off-line world. In the next ten years, 75 per cent of the workplace will be millennials* and organisations can’t afford to ignore them.

The findings of Centrify’s study stresses the need for robust security policies and brings into question the online behaviour of these young workers and the security risk they pose to companies: 40 per cent of decision makers are concerned about their misuse of devices, 35 per cent say they are too trusting of technology and 30 per cent worry they share company data too easily. While 74 per cent of decision makers think that their employees abide by the organisation’s security policies, over a third (37 per cent) feel that young workers are too relaxed about them.

Younger workers are well-informed about the new ‘dark arts’, with decision makers saying they know about the Dark Web (87 per cent), underground hacking (79 per cent) and crimeware (81 per cent). Although around half (48 per cent) say they have strict guidelines in place for employees using these methods, 39 per cent feel they could be better.

“Young workers coming into the workplace today have grown accustomed to having free and easy access to the online world and our research indicates that they don’t tend be as conscious about security,” comments Andy Heather, Vice President and General Manager, Centrify EMEA. “If you give them access to any information at any time from any place, or don’t enforce strict password and social media policies, then they are likely to take full advantage. Companies need to act quickly and put the processes in place to protect against this risk which could pose a very real threat to the jobs of this next generation of workers.

“Our study highlights the very real security risk that young workers pose to both businesses and their brands in a world where employees can be working anywhere, at any time and on an array of devices. Some may think of younger workers as always online, always ready to share information and perhaps not being as concerned about privacy or security as older workers, but we must remember they are the business leaders of tomorrow and we must help not hinder them. The old ‘castle-and-moat’ approach to security is no longer an option and a Zero Trust approach that assumes bad actors are already on the network is essential. Zero Trust Security is really about giving workers freedom when they are working by verifying every user, validating the device they’re working on, limiting their access, and using machine learning to gain insights into their behaviours and risk. With this approach, security will not be compromised, worker agility isn’t impacted, and the chances of a breach will be greatly reduced.”