(Last week we featured a vlog on coffee shop IT and Gen Y. It's such an interesting and timely topic that we decided to dig a little deeper into generational security challenges and the importance of MFA.)
Your youngest and brightest employees may turn out to be your biggest security headache.
Millennials, those energetic employees ages 18 to 34, pose a greater risk to data security than other age groups, according to a report by Absolute Software. Why? Younger employees tend to have lower expectations of their own responsibility for corporate security than their older colleagues, according to the study, which surveyed more than 750 U.S. workers who use employer-issued laptops, smartphones and tablets.
Perhaps even more frightening is that half of all employees surveyed say that data security is not their responsibility. And 30% believe there should be no individual penalty at all for data lost from a mobile device. If thieves can crack the password, there go the keys to your digital kingdom!
Millennials just have a different perspective on how technology is being used, says a study spokesman. There's a cultural divide in organizations between older employees, whom researchers call "digital immigrants," and new workers, dubbed "digital natives," who grew up with mobile technology. Millennials blur the lines between work and home when it comes to mobile devices, and they take all sorts of security risks, sometimes knowingly but often unknowingly, on their laptops, smartphones and tablets.
Since nearly half of the workforce will be made up of Millennials by 2020, companies will have to adapt their security policies to accommodate their mobile practices. This shift also points to the need for multi-factor authentication. Here are some of the more interesting findings:
Millennials use employer-issued mobile devices for personal use.
Some 64% of younger employees check their social media or do online banking with their work devices, according to the study. While 37% of Baby Boomers (ages 51-65) are guilty of this, too, the difference is the level of risk to the company. Boomers are more likely to send emails to a spouse or check sports scores, while Millennials use more social media apps.
Millennials access more 'Not Safe For Work' content.
When it comes to social media sites where malware and phishing scams lurk, gaming sites, online shopping or video streaming, more than a quarter of Millennials access this not-safe-for-work content on company devices, compared with 15% of Gen Xers (ages 35-50) and 5% of Boomers.
A quarter of Millennials believe they compromise IT security, but do little about it.
Younger respondents more often admit to compromising company security while using their devices than other age groups. They assume the IT department is taking care of data security, and they believe they have no responsibility when they take devices that contain or have access to corporate data outside of the office walls.
Obviously, education is a big component in helping young people become aware of their security responsibilities. But if you want to attract and retain young talent, you have to choose your battles when it comes to mobile policies. Let them map their own drives or personalize their wallpaper or screensavers, for instance, but stand firm on identity and access management policies.
Single sign-on (SSO) and multi-factor authentication (MFA) can go a long way in saving maverick mobile workers from themselves. SSO allows enterprises to collapse a collection of weak passwords into a single corporate credential. The user signs on once and then all other application sign-ons are handled behind the scenes using secure tokens (usually SAML), which improves security and user productivity.
MFA requires a user to prove their identity in more than one form before accessing company data, such as entering a time-limited, unique one-time passcode (OTP). Today's MFA technologies use the mobile devices themselves as one authentication factor by taking advantage of biometrics (thumbprint), voice or other identifying factors on the device. Mobile-based MFA is cost effective, easy to implement and integrate into a single sign-on environment, and perhaps most importantly, is easy for employees to use.
With mobile-based MFA, users simply follow a prompt from the MFA app on their mobile device to swipe or provide a thumbprint. Once a user authenticates with this second factor, they are able to access their apps through SSO. It's also easy to use for IT administrators and allows companies to implement strong authentication for legacy and cloud applications using a mobile MFA app.
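An added example, not from the original post or any vendor's product: a server-side check for the time-limited OTP described above, following RFC 6238 (TOTP), that rejects reused codes and lets sign-on proceed to SSO only after both factors pass. The names `SecondFactor`, `sign_on` and `DEMO_SECRET` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import time

STEP = 30     # seconds each passcode stays valid (RFC 6238 default)
DIGITS = 6
DEMO_SECRET = b"12345678901234567890"  # constructed sample: the RFC 6238 test key

def totp(secret, counter):
    """Passcode for one time-step counter (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class SecondFactor:
    """Verifies OTPs for enrolled users and refuses a code that was already used."""

    def __init__(self, secrets, drift_steps=1):
        self.secrets = secrets      # user -> shared secret set at enrollment
        self.drift = drift_steps    # tolerated clock skew, in time steps
        self.last_used = {}         # user -> newest counter already accepted

    def verify(self, user, submitted, now=None):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = int((time.time() if now is None else now) // STEP)
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_used.get(user, -1):
                continue            # replayed or older passcode
            expected = totp(secret, counter).encode()
            # constant-time comparison avoids leaking matching digits
            if hmac.compare_digest(expected, submitted.encode()):
                self.last_used[user] = counter
                return True
        return False

def sign_on(mfa, user, password_ok, otp, now=None):
    """The SSO session is granted only when the password and the OTP both pass."""
    return bool(password_ok) and mfa.verify(user, otp, now)
```

A stolen password alone fails `sign_on`, and a passcode observed in transit cannot be replayed once the server has accepted it.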
So give Millennials (and all of your employees) freedom to roam with their mobile devices, knowing that you've got them covered with identity and access management and MFA.