UK organisations are leaving themselves vulnerable to cybercrime with over a third of 18-24-year-olds able to access any files on their company network, and only one in five having to request permission to access specific files.
Less than half (43%) are restricted to accessing only the files that are relevant to their work. This is according to a study into attitudes to cybersecurity among the next generation workforce, commissioned by Centrify. The study, conducted by Censuswide, sought the views of 1,000 18-24-year olds and 500 decision makers in UK organisations to discover how security, privacy and online behaviour at work impacts the lives of younger employees and the companies they work for.
Who’s to blame for data security breaches?
More than a third of senior executives believe that younger employees are the main culprits for data security breaches in the workplace. It appears that young workers are posing a real threat to company security with one in ten young of them doing things they shouldn’t online during work hours including gaming, vlogging, blogging, sharing apps and downloading unofficial applications.
Younger workers are in the driving seat when it comes to password changes, with 29% revealing that their employers leave it to them to decide when they need a password change. Furthermore 14% of them admit to freely sharing passwords with colleagues. Conversely password sharing tops the list of decision makers’ greatest concerns, with 55% saying it keeps them awake at night.
Social media obsessed
In today’s social media obsessed world one in five workers are not bothered about how their social media activity might affect their employers – and 18% freely admit that their posts could compromise employers’ security and privacy policies. Yet, 47% of decisions makers are worried about them sharing social media posts and the impact these could have on brand and reputation, while less than half of young workers say their organisations have social media guidelines for them to stick to.
More work is needed to remove this divide, and adopting a ‘Zero Trust approach‘ to security – which assumes that users inside a network are no more trustworthy that those outside the network – is clearly a necessity.
Too relaxed about adhering to policies
The findings stress the need for robust security policies and brings into question the online behaviour of these young workers and the security risk they pose to companies: 40% of decision makers are concerned about their misuse of devices, 35% say they are too trusting of technology and 30% worry they share company data too easily. While 74% of decision makers think that their employees abide by the organisation’s security policies, over a third (37%) feel that young workers are too relaxed about them.
Younger workers are well-informed about the new ‘dark arts’, with decision makers saying they know about the Dark Web (87%), underground hacking (79%) and crimeware (81%). Although 48% say they have strict guidelines in place for employees using these methods, 39% feel they could be better.
“Young workers coming into the workplace today have grown accustomed to having free and easy access to the online world and our research indicates that they don’t tend be as conscious about security,” comments Andy Heather, Vice President and General Manager, Centrify EMEA. “If you give them access to any information at any time from any place, or don’t enforce strict password and social media policies, then they are likely to take full advantage. Companies need to act quickly and put the processes in place to protect against this risk which could pose a very real threat to the jobs of this next generation of workers.”
“The old ‘castle-and-moat’ approach to security is no longer an option and a Zero Trust approach that assumes bad actors are already on the network is essential. Zero Trust Security is really about giving workers freedom when they are working by verifying every user, validating the device they’re working on, limiting their access, and using machine learning to gain insights into their behaviours and risk. With this approach, security will not be compromised, worker agility isn’t impacted, and the chances of a breach will be greatly reduced.”