We've seen multiple studies suggesting that Generation Y (people born in the 1990s) are overconfident in security knowledge; this segment prioritizes productivity over priority, is more likely to succumb to phishing on social networks, and blatantly (78%) ignore security best practices. Other surveys confirm this rule-breaking tendency, with insights suggestion 61% of employees in this segment believing they are not responsible for protecting information on devices. This segment is dismissive of security, seeing it as outdated or counterproductive.
Andrew Avanessian recently wrote about this "security divide" on USA Today, noting that Gen Y workers introduce a new risk element to the workforce, while also bringing in their expertise and technical understanding. The blurring of the lines between work and personal lives couples with a dismissive attitude toward security can lead to increased security risks for businesses.
Taylor Armerding recently picked up the Gen Y security topic on PC World, exploring further the reasons Gen Y workers introduce new threats. The article looks at the propensity of Gen Y workers to over-share personal and company information online, noting however that this type of worker does not perform well with restrictive policies. Gen Y workers not only demand greater access, they need it to work efficiently.
While it's easy to blame Gen Y for introducing new threats to the corporate environment, such a simplification does not do justice to the value these workers bring to companies. Guy Helmer, Assistant VP of Data Loss Prevention at Absolute Software, notes:
"As technology is embraced by all generations, it is natural for tech-savvy employees to want to have the same network and app access at work as at home. Gen Y employees are continuing the democratization of the data that started 30 years ago in the days of the personal computer."
It may be that as early adopters, Gen Y employees appear to introduce greater threats, though in fact it is the use of more social and mobile technology that introduces the most risk. Gen Y clearly is over-confident about security, though, so it is the job of IT to work with the changes in technology and mobility, clearly stating what is and is not acceptable with data security.
To protect and manage corporate data, set up your BYOD policy by focusing on the data, giving you greater control over understanding what data access is needed, where the data is being used and how to respond if a security incident occurs (more on this here). Combined with a strong BYOD policy, DLP technology can give IT the tools to follow the data and control how it is used, non-intrusively, automatically and proactively (learn more here).