Millennials Pose Significant Risk to IT Security, Reports Forcepoint

The results from a recently published Forcepoint survey shows millennials are placing the security of their organizations at risk by engaging in risky behaviors. The survey showed millennials were more likely to take short cuts to improve productivity, even though those behaviors placed security at risk.

Forcepoint says action needs to be taken now to prevent the attitudes and behaviors of the younger generation from taking hold, especially in government organizations. The failure to address security issues could place U.S government IT systems in jeopardy.

The study was conducted on 670 individuals and assessed attitudes and behaviors that increased the risk of cyberattacks, malware infections, and data breaches. The survey showed that millennials were regularly using unsecured WiFi networks for work without the use of VPNs. Password sharing was common, as was the belief that cybersecurity was an issue for IT departments to deal with.

The survey suggests millennials believe they are well educated in cybersecurity matters and are confident about their level of security awareness. However, that security awareness is often not put into practice and technology is being used in a highly risky manner.

Among the risky behaviors was the use of personal devices for work purposes, including the downloading of company information onto mobile devices that lack security controls. Third party apps are commonly downloaded onto devices to help employees be more productive at work, but little regard is given for security. The use of this ‘shadow IT’ means IT departments are often unaware of the risks being taken by the workforce.

The survey showed that millennials understand the need for using strong passwords to hamper brute force attacks, yet many were guilty of using the same passwords across multiple platforms and apps and for personal use as well as work. Further, those passwords were often shared with others even after a breach of sensitive data had occurred.

Forcepoint also surveyed federal security officers to find out what changes are being made to improve security and eradicate risky behaviors but, in many cases, little was being done to tackle the problem. When changes are made they are applied agency by agency and there is no overall strategy in place. The main way the issue is tackled is through security awareness programs, which emphasize how certain productivity-improving behaviors involve a dangerous trade-off with security.

“The data resulting from the survey highlights important attitudes and risk factors that can help agencies adapt cybersecurity programs with millennials in mind, fully capitalizing on their creativity and energy while preventing them from becoming accidental insider threats,” said Forcepoint’s Chief Strategy Officer and Federal Division President, Ed Hammersla.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.