Millennials are the proof that digital nativeness does not equate to digital-savviness
As millennials are massively entering the workforce, it is not rare to see them depicted as the great generation that is going to deeply transform the way business is done. Born between 1980 and 2000, this “net” generation is the first one to be fully “digital native” and endowed with a supposedly innate sense of how the modern technology functions. As a result, millennials are often praised as highly adaptable and thus as valuable assets for an organisation in a business environment that is constantly being shaken by technology and the digital transformation of society at large.
However, digital-nativeness rarely equates to digital-savviness, and when it comes to InfoSec, the millennials are not quite as “native” as they should be.
Several researchers have outlined the counterintuitive result that growing up in the digital age has made millennials completely clueless about cybersecurity. A recent study by Norton discovered that 44% of millennials have been victims of a cyberattack in 2015. The US National Cyber Security Alliance also found that 72 percent of them had connected to unsecured public Wi-Fi; 52 percent had plugged in a USB device that they got from someone else; and 23 percent of Millennials shared a password with a non-family member within the past year.
So while millennials might indeed be more comfortable using technology than their elders, it does not follow that their behaviour will make an organisation more secure – in fact, some InfoSec experts even suggest the opposite.
Several reasons for this lack of cybersecurity-savviness have been outlined:
- Cybersecurity is still all-too-often seen as a boring, necessary evil that hinders the flexibility and speed that millennials have grown accustomed to and are now bringing into the workplace often at the expense of InfoSec considerations.
- Another reason is a paradoxically overly trusting attitude of millennials towards technology. Being “born in the cloud”, millennials are much more likely to share sensitive information online than their elders who still remember a time when such technologieshttp://corixpartners.com/?p=2673&preview=true did not exist or may value their own privacy differently. Even recent scandals linked to the US NSA or corporate data breaches have generally had very little effect on the attitudes of millennials towards their digital life and their understanding of privacy.
- Lastly, millennials tend to come to work not only with their own devices, but also with their own digital work tools which allow them to work more flexibly and more efficiently compared to the corporate IT solutions or platforms they are being offered. Most IT departments, however, are finding it particularly difficult to keep up with this BYOS trend. As a result, corporate information often ends up on potentially unsecured platforms without the CIO, the CISO or anyone else being aware of it. This is taking the old “Shadow IT” problem to new heights, in particular in the media and creative industries.
The distinction between the private and the professional use of technology seems irrelevant to the “born-in-the-cloud” generation. However, failing to recognise how these two tech worlds fundamentally differ is what will increasingly put organisations at risk.
In this context, there is a role for middle-management functions to teach millennials how to effectively reconcile their digital-nativeness with the cybersecurity best-practices that will keep their organisations safe. But those middle managers themselves have to be clear about what to do and how to coach younger employees. Very often this is simply about showing a good and consistent example: Not sharing accounts, shredding sensitive client documents, etc… Most young professionals will replicate what they see done around them if they feel it makes sense and forms part of the culture of the firm they have just joined.
So can it be that the cybersecurity “problems” of the millennials in the workplace are simply the reflection of the managerial limitations of the anterior generation?