Last week I had the opportunity to present to a team of senior privacy officers regarding how Gen Ys approach privacy issues and the impact that can have on corporate security. \u00a0In a world where everything can be shared on Instagram or Facebook or Tweeted out to the masses, young employees aren\u2019t often are not as focused on maintaining a sense of privacy as previous generations.<\/p>\n
Gen Ys are generally seen as more flexible, more tech savvy and are considered to be \u201cdigital natives.\u201d However, many organizations find that the attitudes, tendencies and expectations of Gen Ys clash with the security and privacy standards at work.<\/p>\n
Since Gen Ys have grown up with technology, they are the generation that is least likely to adhere to (or be constrained by) IT policies. This generation expects 24-hour access to their work, which includes the corporate data that they work with. In addition, Gen Ys have an expectation of being able to access significantly more \u2018strategic\u2019 information such a corporate financials, customer data and competitive intelligence.<\/p>\n
Older generations (such as Traditionalists and Baby Boomers) treated knowledge as power. The more information you had, the more power you held. This led to cultures where information sharing was scarce. In comparison, younger employees want to have access to as much information as possible. This means that they expect to be informed of details that were once only privy to senior leaders. This can potentially lead to security risks if the consequences of sharing that information aren\u2019t discussed.\u00a0 The risk is that younger employees don\u2019t focus on protecting confidential corporate information given their tendency to be relaxed with their own personal information. According to a study by Deloitte, only 38% of Gen Ys guard their privacy carefully.<\/p>\n
We are living in an age of \u201cbring your own device\u201d (BYOD). In the past, an employee may have had a work computer that stayed on a desk in the office. Company data was either stored on that computer or in a (locked) filing cabinet nearby. Today, more than ever, employees are using their own smart phones, laptops and tablets to do work both inside and outside the office. Over 50 percent of Gen Ys take advantage of company BYOD polices.<\/p>\n
A global survey conducted by Cisco found that only 40 percent of Gen Ys surveyed are aware of their employer\u2019s policies for the use of certain devices at work. However, out of that 40 percent who are aware of the policies, 80 percent said that they do not follow them. For many Gen Ys, polices are ignored if they are too restrictive, too complex or if they negatively affect their ability to achieve work-life integration.<\/p>\n
Gen Ys value independence, flexible work schedules and the ability to work remotely. They may not have a \u201cwork computer\u201d or store secure documents in the office. They may not even have a permanent desk in the office. Since they are working remotely and using their own devices, potentially sensitive information winds up on mobile devices and USB drives on a daily basis. Confidential data could even be uploaded to an employee\u2019s personal cloud storage account so that the employee can work remotely with greater ease.<\/p>\n
A survey conducted by Fortinet, a security and network management company, found that 36 percent of Gen Ys say they would ignore company policies for uploading company data to their personal cloud storage accounts in order to make it more convenient for them to work remotely and on different devices. Among the information stored on these sites includes work passwords, company financial information, confidential documents, customer data and more. As you can imagine, this is a big potential security risk should a disgruntled or disengaged employee choose to release sensitive information. There have been several cases where Gen Y employees had knowingly released corporate information because they felt they had a \u2018duty\u2019 to do so. In a world where Wikileaks is admired for its focus on sharing information, younger employees may feel more loyal to their own personal beliefs than to your company policy.<\/p>\n
In addition to BYOD polices and cloud storage, many organizations are concerned with security and privacy when it comes to social media. For Gen Ys, the line between their work lives and their personal lives has been blurred. They are not looking for work-life balance as much as they are seeking work-life integration. For example, 37 percent of Gen Ys are Facebook friends with a colleague.<\/p>\n
Since Gen Ys blur the lines between work and personal activities and since they expect to be able to use their own technology at work, many Gen Ys use Facebook, Twitter and various other social networks in the workplace, during work hours. This can be concerning for organizations that not only like to control the types of websites that employees are able to access at work, but also the methods of communication and the content that is discussed between employees, colleagues and others outside of the business.<\/p>\n
Since many Gen Ys prefer to communicate electronically, through emails, text messages and instant messages, often information is sent through unsecure websites and platforms that are not controlled or protected by an organization\u2019s IT department, posing a greater risk of data being hacked or falling into the wrong hands.<\/p>\n
Setting strict guidelines for handling confidential data is crucial. In the past, leaders may have assumed that employees knew that they should not share certain information with the outside world, today it is important to have that explicit conversation.<\/p>\n
It used to be much harder to get a confidential document out of an organization. Now a screenshot can be Tweeted in an instant. It\u2019s not that most Gen Ys want to damage their employers by sharing sensitive data, it\u2019s that they are unaware of how these actions could be harmful and what the consequences are. According to a survey carried out by security firm ESET, about one-third of Gen Ys professionals don\u2019t know or don\u2019t believe that their organization has an IT security policy. In addition, 52 percent of the Gen Ys surveyed were not aware that stolen data could be used against their employer.\u00a0 Given this reality, your orientation program for all new hires should include a discussion about roles, responsibilities and consequences of mishandling sensitive data.<\/p>\n
It\u2019s also important that your organization regularly updates and communicates your polices for confidential data, and ensures that all employees are aware of the changes. Employers need to convey how sharing sensitive information can harm the company as well as the consequences for an employee who shares such data. Otherwise, younger employees may unknowingly post company information on Facebook or share a strategy on Instagram.\u00a0 It\u2019s important to discuss in employee training the difference between intent and impact.\u00a0 The Gen Ys we have worked with didn\u2019t have bad intentions when they accessed confidential data or shared it with others, but the impact was negative and potentially very damaging to the business.<\/p>\n
As employees increasingly access their work files, on numerous platforms, from numerous locations, IT departments must make these activities as secure as possible, without squashing the freedom Gen Ys have come to expect. Setting up secure remote access that is convenient and easy will encourage employees to use official methods of accessing data remotely and not leave them turning to Dropbox, OneDrive or Google Drive, which are often less secure and can\u2019t be controlled by your IT team.<\/p>\n
By updating policies, communicating these policies effectively and helping employees access the data they want through secure methods, organizations can meet the needs of Gen Ys while still remaining secure.<\/p>\n","protected":false},"excerpt":{"rendered":"
Last week I had the opportunity to present to a team of senior privacy officers regarding how Gen Ys approach privacy issues and the impact that can have on corporate security. \u00a0In a world where everything can be shared on … Continue reading