Last week I had the opportunity to present to a team of senior privacy officers regarding how Gen Ys approach privacy issues and the impact that can have on corporate security. In a world where everything can be shared on Instagram or Facebook or Tweeted out to the masses, young employees aren’t often are not as focused on maintaining a sense of privacy as previous generations.
Gen Ys and Corporate Privacy
Gen Ys are generally seen as more flexible, more tech savvy and are considered to be “digital natives.” However, many organizations find that the attitudes, tendencies and expectations of Gen Ys clash with the security and privacy standards at work.
Since Gen Ys have grown up with technology, they are the generation that is least likely to adhere to (or be constrained by) IT policies. This generation expects 24-hour access to their work, which includes the corporate data that they work with. In addition, Gen Ys have an expectation of being able to access significantly more ‘strategic’ information such a corporate financials, customer data and competitive intelligence.
Older generations (such as Traditionalists and Baby Boomers) treated knowledge as power. The more information you had, the more power you held. This led to cultures where information sharing was scarce. In comparison, younger employees want to have access to as much information as possible. This means that they expect to be informed of details that were once only privy to senior leaders. This can potentially lead to security risks if the consequences of sharing that information aren’t discussed. The risk is that younger employees don’t focus on protecting confidential corporate information given their tendency to be relaxed with their own personal information. According to a study by Deloitte, only 38% of Gen Ys guard their privacy carefully.
Potential Security Risks with Gen Ys
We are living in an age of “bring your own device” (BYOD). In the past, an employee may have had a work computer that stayed on a desk in the office. Company data was either stored on that computer or in a (locked) filing cabinet nearby. Today, more than ever, employees are using their own smart phones, laptops and tablets to do work both inside and outside the office. Over 50 percent of Gen Ys take advantage of company BYOD polices.
A global survey conducted by Cisco found that only 40 percent of Gen Ys surveyed are aware of their employer’s policies for the use of certain devices at work. However, out of that 40 percent who are aware of the policies, 80 percent said that they do not follow them. For many Gen Ys, polices are ignored if they are too restrictive, too complex or if they negatively affect their ability to achieve work-life integration.
Gen Ys value independence, flexible work schedules and the ability to work remotely. They may not have a “work computer” or store secure documents in the office. They may not even have a permanent desk in the office. Since they are working remotely and using their own devices, potentially sensitive information winds up on mobile devices and USB drives on a daily basis. Confidential data could even be uploaded to an employee’s personal cloud storage account so that the employee can work remotely with greater ease.
A survey conducted by Fortinet, a security and network management company, found that 36 percent of Gen Ys say they would ignore company policies for uploading company data to their personal cloud storage accounts in order to make it more convenient for them to work remotely and on different devices. Among the information stored on these sites includes work passwords, company financial information, confidential documents, customer data and more. As you can imagine, this is a big potential security risk should a disgruntled or disengaged employee choose to release sensitive information. There have been several cases where Gen Y employees had knowingly released corporate information because they felt they had a ‘duty’ to do so. In a world where Wikileaks is admired for its focus on sharing information, younger employees may feel more loyal to their own personal beliefs than to your company policy.
In addition to BYOD polices and cloud storage, many organizations are concerned with security and privacy when it comes to social media. For Gen Ys, the line between their work lives and their personal lives has been blurred. They are not looking for work-life balance as much as they are seeking work-life integration. For example, 37 percent of Gen Ys are Facebook friends with a colleague.
Since Gen Ys blur the lines between work and personal activities and since they expect to be able to use their own technology at work, many Gen Ys use Facebook, Twitter and various other social networks in the workplace, during work hours. This can be concerning for organizations that not only like to control the types of websites that employees are able to access at work, but also the methods of communication and the content that is discussed between employees, colleagues and others outside of the business.
Since many Gen Ys prefer to communicate electronically, through emails, text messages and instant messages, often information is sent through unsecure websites and platforms that are not controlled or protected by an organization’s IT department, posing a greater risk of data being hacked or falling into the wrong hands.
What Organizations Can Do
Setting strict guidelines for handling confidential data is crucial. In the past, leaders may have assumed that employees knew that they should not share certain information with the outside world, today it is important to have that explicit conversation.
It used to be much harder to get a confidential document out of an organization. Now a screenshot can be Tweeted in an instant. It’s not that most Gen Ys want to damage their employers by sharing sensitive data, it’s that they are unaware of how these actions could be harmful and what the consequences are. According to a survey carried out by security firm ESET, about one-third of Gen Ys professionals don’t know or don’t believe that their organization has an IT security policy. In addition, 52 percent of the Gen Ys surveyed were not aware that stolen data could be used against their employer. Given this reality, your orientation program for all new hires should include a discussion about roles, responsibilities and consequences of mishandling sensitive data.
It’s also important that your organization regularly updates and communicates your polices for confidential data, and ensures that all employees are aware of the changes. Employers need to convey how sharing sensitive information can harm the company as well as the consequences for an employee who shares such data. Otherwise, younger employees may unknowingly post company information on Facebook or share a strategy on Instagram. It’s important to discuss in employee training the difference between intent and impact. The Gen Ys we have worked with didn’t have bad intentions when they accessed confidential data or shared it with others, but the impact was negative and potentially very damaging to the business.
As employees increasingly access their work files, on numerous platforms, from numerous locations, IT departments must make these activities as secure as possible, without squashing the freedom Gen Ys have come to expect. Setting up secure remote access that is convenient and easy will encourage employees to use official methods of accessing data remotely and not leave them turning to Dropbox, OneDrive or Google Drive, which are often less secure and can’t be controlled by your IT team.
By updating policies, communicating these policies effectively and helping employees access the data they want through secure methods, organizations can meet the needs of Gen Ys while still remaining secure.