In Depth

Security and the Generational Divide

Boomers, Gen X and Gen Y each present unique security challenges in the workplace. Do employees know what types of physical and digital risk they create? And do you know how to communicate with each group?

By Joan Goodchild, Senior Editor

Page 2

"For Millennials, there is more blurring of the lines between work and home," said Samir Kapuria, a managing director with Symantec Advisory Consulting Services, the group that conducted the survey. "They tend to use what they have at home while at work, and this is really forcing corporations to rethink IT risk management."

The risk, according to Kapuria, is Web 2.0 programs are a huge target now for phishing scams and malicious code attacks. And the implications from these Millennial habits go further than simply putting a corporate IT infrastructure at risk of attack. There are privacy issues to consider, too.

The poll found younger workers regularly store corporate data on personal devices, such as PCs and USB drives, much more than older counterparts. This flies in the face of the 75 percent of corporate IT managers that said they have policies that restrict corporate data and information on personal devices. Symantec also found 85 percent of corporate IT managers have policies restricting download and installation of software on work PCs for personal use.

In Kapuria's opinion, the key to minimizing risk from younger workers is education.

"I don't think there is any kind of malicious intent or rebellion on the part of this generation," said Kapuria. "Companies should consider education programs tailored to this audience as part of their security approach."

However, educating older workers is equally important, according to Aaron Wilson, chief technology officer in the Managed Security Services division of Science Applications International Corp. Boomers' lack of familiarity with new technology may make them a risk, too.

"Gen X/Y/Z employees often understand the nuances of the new technologies they bring, whereas Boomers may be equipped with the same technology but not as familiar with all of the functionality," said Wilson. "This can be dangerous from a security standpoint, for example when understanding the subtle difference between encrypted email on a corporate RIM device versus an unencrypted email on an iPhone. To the uninitiated, it's all email. To the security team, it's safety versus possible unintentional exposure of sensitive data."

Access control and security habits

Security consultant Jack Dowling remembers a simpler time when it came to building access and security.

"There was a time when a new system was put in place and there was an understanding that it took time to get used to. Now, as soon as something doesn't work&..," Dowling said, sounding like age-wise veteran reminiscing about the old days. "There are always going to be bugs in electronics. But now glitches are perceived as incompetence on the part of the company."