Cybersecurity And The Generation Game
There’s a common assumption that younger generations are more in tune with modern technology than their elders. From 1980s’ teenagers instinctively knowing how to program the VCR to Millennials effortlessly surfing cyberspace, the tech-savvy youngster has become a media cliché.
And yet, according to a recent report by T-Systems, Europe’s largest telecoms company, the kids aren’t all on it. T-Systems argue that Generation Y employees pose the biggest risk to corporate security, simultaneously exaggerating their knowledge and taking unnecessary risks. With people born in 2000 turning 18 and entering the workplace in 2018, it’s important to ensure future generations aren’t as blasé about cybersecurity…
Hacks and stashes
Many companies were glad to see the back of 2017, after a procession of high-profile data thefts and security breaches. We’ll never know to what extent human error or weak coding contributed to high-profile thefts from Yahoo and Equifax, since the organizations in question unsuccessfully tried to cover up what had happened. With their reputations already in tatters, they weren’t going to compound their embarrassment by admitting whether or not these breaches might have been avoidable.
What we do know is that someone left 14 million Verizon customer records on an unprotected Amazon storage server last year, while the NSA – of all organizations – lost control of its own hacking tools. That enabled criminals to install backdoors for the WannaCry ransomware attack, subsequently affecting millions of computers.
The T-Systems survey indicated that human error may have played a role in many other cybersecurity issues last year:
- Generation Y employees are less likely to change their passwords every few months compared to older generations (27% and 35% respectively).
- 30% of 25-34 year-old group reuse their work email passwords for social media and personal accounts, compared to just 13% of over-55s.
- Half of 25-34 year-old group see themselves as ‘very knowledgeable’ about cybersecurity, despite being less likely to turn off Bluetooth in public areas than any other age group.
Train of consequences
While it would be tempting to blame overly confident Gen Y-ers for this situation, employers have to accept a share of responsibility too. The T-Systems team interviewed 2,000 employees last year, most of whom hadn’t received any training or information about online threats in the previous twelve months. Worse still, 30% of respondents said they hadn’t been given cybersecurity education at any point in their career. Training is clearly in short supply, even though the consequences of lax security regularly made the headlines in 2017.
Safety first, safety second
At Midphase, our reputation has been built on providing secure servers and firewalled websites. We understand what it takes to keep information safe, and we believe companies in any industry should be undertaking the following steps as a matter of routine:
- Organize periodic seminars on the importance of data security. Making employees aware of online risks (or reminding them) promotes vigilance and diligence.
- Educate people about the risks of phishing. From cloned websites to bogus emails, explain how an entire corporate network can be damaged by one hacked computer.
- Add 2FA to intranets and portals. Passwords should feature a blend of alphanumeric characters, and it’s good practice to periodically insist on new passwords.
- Ask remote staff or home-workers to be cautious outside the office. Explain why their home broadband hubs or coffee shop Wi-Fi networks might be insecure.
- Set devices to log out after a period of inactivity. A laptop doesn’t need to be logged in while its user is away buying lunch. Privacy screens are also recommended.
- Change default passwords on routers, IoT devices, hardware and websites. From WordPress to printers, never leave passwords set as ‘admin’ – or ‘password’…