Thirty-eight percent of Gen-Y professionals, those aged 18 to 30 years old, are unaware of, or don’t believe, their company has an IT security policy, whilst a further 30 percent of those who are aware of the existence of an IT security policy do not know what it is. Half also believe it’s nearly always their organization’s sole responsibility to ensure the safety of data.
In addition, young professionals showed a naivety towards the sensitivity of data and its value to cybercriminals. Almost a fifth believe an attacker would be able to do nothing with their company’s data if stolen or a device hacked, whilst only half believe hackers would be looking to sell their company’s data.
Just over 50 per cent are also unaware that stolen data could be used against their company, and 70 per cent that hacked devices can be manipulated to make further future attacks. A complete lack of concern over the effects upon their company and its data if a work device is hacked, lost or stolen is also apparent in almost a third of young professionals.
Forty-four percent of young professionals have connected, or are unsure if they have connected, their own devices, potentially infected with malicious malware, to their company’s network. Forty-seven percent also use work devices for personal use, with one in ten lending these to people outside the organization.
The need to ensure only secure devices are allowed access to their company’s networks was also completely disregarded by a tenth of young professionals who admit they may have shared access to their company’s network with third parties.
Technical Director of ESET UK, Mark James, said: “Young professionals are the most tech savvy when it comes to personal brand, yet when it comes to transferring that same shrewdness to their business lives, they are arguably some of the most unreliable. This highlights a need for IT security teams to engage with younger employees in the creation of policies that suit the needs of both parties.”
“More likely to blur the boundaries between work and personal devices, Gen-Y are the early adopters of new technologies; often more blasé about security practises as they’ve been brought up experimenting with technology and sharing personal data via social media.”
18-24 year olds seemed even less engaged and more risk-prone than 25-30 year olds. The very youngest members of the workforce were more likely to lend work devices to friends or family, and three-times more likely to have intentionally shared non-guest access/passwords to their company’s network.
Mark James continued: “If younger workers are connecting their own devices to the network, one approach is for organizations to ensure they have appropriate personal security. This could be aided through choose-your-own-device policies which place more control back into the hands of the IT team. Employees accessing the network through their own devices are given a choice from a select set of products with adequate and regularly updated home security already installed on these devices”
The want to engage with IT security teams to develop policies is wanted by a large number of young professionals. Nationally, a quarter would like a voice in the development of their organization’s policies towards IT security. However, attitudes do vary across the country. Only 11 percent of young professionals in East Anglia, and nine percent in Northern Ireland, would like more say in how their company develops its IT security policies, compared to nearly 40 percent in both Wales and the East Midlands.