Cisco recently announced that according to their global study, seven out of 10 young employees frequently ignore IT policies, and one in four is a victim of identity theft before the age of 30.
What does this say about a new generation of employees?
They need to understand the purpose of IT policies and the importance of these policies for both the organization and the individual. On-demand access to information is an essential part of this generation’s lives, and according to Cisco, these employees will do what they must to access the Internet, even if it compromises their company or their own security. This includes using or sharing their neighbors’ wireless connections to save money on their own service or going to random businesses and accessing their connections.
While the use of others’ Internet may save some money, it comes at the expense of security. These same laptops used at Internet cafes and with the neighbor’s Wi-Fi are used to update business files and contact employees and clients. This opens the door for an organizational compromise with the use of unprotected Internet access.
This report supports why I believe on-demand security awareness training is vital for an organization. This generation needs to be aware of the risks and the measures needed to prevent a security compromise.
I know a college student who told me her university will insert students’ USB devices, left behind by accident in the computer lab, into one of their computers to see if the student’s name is on the device. The student is then notified via email that the device has been found. Students then re-enter them into their computers.
I see several concerns here. First, how does the university know the USB left behind is not a trap? This is placing university information at risk. Second, how does the student know someone did not take the USB while it was left behind and compromise the security of it? Then when they put it in their computers, a virus is downloaded. This generation seems to trust that no one would do such a thing until it’s too late. While this can be seen as a college policy flaw, it can also be a reason why these students go into the professional world without a security conscious mindset.
They’ve been educated in their craft, but now they need to be educated in Security Awareness. Young professionals are a huge asset to an organization, and offering Security Awareness Training to them and showing them the importance of IT policies will enhance their professional development as well as their secure performance in your organization.