You are here

It’s time for enterprises to step up their security to protect their systems, their customers, their employees, and their data. But rather than telling millennials to simply color within the lines, companies must adapt to the technological skills and sensibilities of the new workforce.

How security teams can embrace the millennial shift in the workplace

public://webform/writeforus/profile-pictures/malcolm_harkins_headshot.jpg
Malcolm Harkins, Chief Security and Trust Officer, Cylance

At 88 million strong, millennials are now the largest generation in the US workforce. We’ve all read countless articles that either accuse this generation of being lazy and entitled or praise them as the most innovative age cohort yet. But wherever you stand, there’s no doubt they’ve had a huge impact on the workplace—and security is no exception.

Millennials are the first employees to have grown up in an online world, tethered to technology and having constant access to the Internet and social media. To accommodate millennial employees’ fierce attachment to digital devices and their expectation that they should be able to work wherever, whenever, many companies have instituted work policies that are flexible about both schedules and work tools.

While this boosts employee productivity, it also presents an inherently higher security risk to the organization if not implemented correctly. 

[ Get valuable insights to improve your SOC’s maturity and success. Download the 2019 State of Security Operations report today. ]

Protecting a millennial workforce

Many companies approach security by sticking to practices that simply don’t work with millennial workers. For example, in their effort to retain full control, companies often blacklist popular websites. According to Time, Facebook and Twitter are two of the most commonly blocked websites at work, though they are crucial sites for millennials everywhere to stay connected and in the know.

Such restrictive policies often prove ineffective with millennials, who value an open, fluid relationship with both their technology and their work. What’s more, millennials who are ambivalent toward corporate regulations can use their tech savviness to get around even the strictest IT policies. Employee education is essential to a strong security program, but millennials’ need to stay connected often outweighs their concern for company safety.

For example, a millennial employee looking to finish an assignment on the go may forward sensitive information from the company server to his personal Gmail account, well outside of the confines of most companies’ security systems. Or even worse, employees looking for more freedom and flexibility may jailbreak their computers, putting both the company’s network and data at risk.

Employees can create dangerous risks when they store sensitive work material on the same devices they use to download untrusted files and applications. And with every application an employee downloads, the endpoint is put at greater risk of an attack. Employees can expose a company to malicious attacks by unknowingly downloading files infected with a variety of viruses and Trojans or by simply clicking on malicious links or text messages.

[ Effective SecOps requires staying one step ahead. Get up to speed with this Webinar covering UEBA and MITRE ATT&CK ]

Connecting on the go

The future of work looks increasingly flexible. By 2020, millennials will make up more than half of the workforce and, according to a study by Bentley University, 77% of millennials agree that having a flexible work schedule would increase their productivity. With millennials rising in number and workplace prominence, flexibility is sure to increase as well.

The good news is that increased flexibility doesn’t need to mean that businesses are at a greater security risk. In fact, 80% of millennials feel it is important to secure sensitive information, such as data containing personal, financial, and medical information. Companies just need to embrace millennials’ acceptance of security with the understanding that security measures can’t get in the way of the on-demand mindset or inhibit work flexibility.

So what can companies do? They can ensure a safer environment by prioritizing technologies that have minimal to no impact on the employee work experience. This means embracing new innovations based on artificial intelligence and predictive analytics that minimize user involvement and don’t rely on workers to keep software updated. Other approaches include new digital chips that provide secure identification and authentication for devices. These advances give companies both the best in security and the simplicity that encourages millennials (and everyone else) to adopt.

Expand security boundaries

It’s time for enterprises to find ways to step up their security to protect their systems, their customers, their employees, and their data. But rather than telling millennials to simply color within the lines, companies must adapt to the technological skills and sensibilities of the new workforce and implement comprehensive security programs that ensure security within the expanding boundaries of the modern workplace.  This is what I call "protect to enable."

[ Data privacy regs GDPR and CCPA are the new norm. Learn best practices from top organizations for staying on the right side of the law. ]