Why Your Youngest Staff Are Your Biggest Security Risk

It’s common knowledge that employees are the weakest link in corporate security, with their poor practices being responsible for 65% of the causes of data breaches. However, a study by Absolute has found it’s actually a subset of users, Millennials, who are the worst offenders and pose the greatest risk to your organisation.

With nearly half of the workforce expected to be made up of Millennials by 2020, adapting security policies to accommodate the practices of this subset of users is critical to mitigating data breaches.

Who are Millennials?

Aged 18-34, Millennials will soon represent the largest living generation. They are the first, true digital generation who have only ever seen a world augmented with technology. By 2019, Millennials will account for 17 million of the UK’s population!

Why Are Millennials the Greatest Threat?

Millennials grew up in a tech-filled and increasingly socially-connected world. A consequence of being digital natives is the tendency to instinctively trust and embrace technology, rarely treating it with suspicion. Their confidence with technology, while a benefit in aiding the adoption of tools that improve productivity, can spill into unsafe practices, gullibility and misplaced trust. More than any other age group, Millennials are guilty of using business devices for personal use, taking more risks and a staggering 50% of them don’t believe security is their responsibility.

1. Not My Problem

Millennials don’t tend to see the security of their devices and data in their possession as their responsibility. Older employees, on the other hand, are much-more likely to assume personal responsibility and take greater caution as a result. Millennials’ ‘not my problem’ outlook can lead to a more blasé attitude to securing their corporate devices. The Absolute investigation found that 50% of Millennial employees felt security was not their responsibility, with 30% believing there should be no penalty for having sensitive business data lost or stolen from their mobile device.

2. Personal Use

The divide between home and work is more blurred than ever, with personal and corporate devices used for both work and play. While all age groups will use corporate-owned devices for personal use, Millennials do it more, and their types of online activity tend to carry greater risk. 64% of Millennials use corporate devices for personal use. While 37% of older employees (ages 51-65) do this too, these employees tend to use their corporate devices to call or email their partner, whereas Millennials tend to use social media or dating apps which carry a greater degree of risk.

3. Not Safe For Work (NSFW)

While everyone has used a corporate device for non-work use, Millennials’ surfing habits tend to have more significant risk attached – the greatest risk of all coming from websites that are Not Safe For Work (NSFW). It is on these types of websites/apps that malware and scams typically reside, where the chance of employees being phished for passwords is high. More than 25% of Millennials access NSFW content on company devices, compared to 15% of those aged 35-50 and 5% of those aged 51-65. 

Worryingly, 25% of Millennials actually believe they compromise their company’s IT security on an on-going basis, but don’t do anything about it.

The assumption amongst Millennials is that ‘someone in IT’ will be taking care of security risks, and it isn’t their responsibility to care or do anything about data security.

How to Solve a Problem Like Millennials...

Forcing a significant change in user behaviour doesn’t work and any solution that makes life more difficult for users tends to result in them bypassing the solution where possible.

To solve the problem, accepting that users won’t significantly change their working habits and focusing on simplicity is key. You can mitigate the risk by deploying a solution that leverages how employees currently do their job, reducing the burden on them to manage passwords, while introducing behind-the-scenes security, effectively saving Millennials from themselves!

Reduce Passwords

Passwords… the bane of everyone’s life. Solve the problem of Millennials having to manage passwords by removing the need for them. The mismanagement of passwords is responsible for 65% of data breaches, so the more passwords that can be removed, the more secure your business becomes. To achieve this, passwords can be replaced with token-based authentication (e.g. SAML). This can be done by implementing a Single Sign-On solution that does away with the need for employees to know, type or remember passwords. Users simply remember one set of credentials, to access their device, and are then seamlessly logged into all applications, either through tokens or credentials they don’t need to remember.

Implement Multi-Factor Authentication

Requiring a user to enter a second authentication factor for key application access allows your business to secure company data without compromising user productivity. Users can still work the way they want, accessing corporate applications from anywhere, but being required to provide a second authentication factor dependant on who is the user is, the network they’re using, or the device they are on.

Secure Mobile Access

Enjoy the increased productivity that mobile access affords while ensuring that access is securely provided. Deploy a Mobility Management solution that secures business data while allowing your users to do their job from anywhere, removing the responsibility for end-users to manage their own mobile security.

In Summary

Employees are the biggest risk to any organisation, with 65% of attacks being created by weak passwords, practices & phishing (Verizon DBR). There are the apathetic employees who don’t quite care enough, and the full-on malicious employees who are intent on causing disruption. However, the greatest number of incidents are caused by your youngest members of staff – Millennials.

If there’s one thing to take away from this blog, it’s that security begins with identity. Ensuring the right people have access to the right systems, with the right permissions, and their access is ceased should they leave, will maximise identity and security assurance.

Click the image below to download my TEN Signs You Need SSO.