Millennial Cyber Behaviors Threaten Federal IT Systems

Millennials might pose as grave a cybersecurity risk to enterprise networks as cyber criminals, according to one recent study. With more of them entering the federal workplace, they bring along technology preferences and bad behavior that threaten security of federal IT systems, according to cybersecurity developer Forcepoint.

Results from the survey, done in July by research agency LaunchTech and commissioned by Forcepoint, calls for quick action to prevent a generational shift from undoing what cybersecurity safeguards have thus far been put in place.

"Beyond the security of the apps and devices employees bring to federal networks, agencies should also look at employee motivations, taking into account both productivity gains and potential security risks," says Ed Hammersla, Forcepoint's chief strategy officer and federal division president. "The data resulting from the survey highlights important attitudes and risk factors that can help agencies adapt cybersecurity programs with millennials in mind, fully capitalizing on their creativity and energy while preventing them from becoming accidental insider threats."

Millennials, those aged 18 and 34 years in 2015, make up about 25 percent of federal work force. They are expected to represent nearly 75 percent in a decade. The research found that the baby boomer generation, those aged 51 to 69, are more cautious online while the younger work force is more likely to abandon caution in exchange for digital expediency.

The report, titled “Millennial Rising: 'Digital warriors' introduce risk to federal systems,” lists what are characterized as alarming responses. For example, many millennials reported using personal devices for work and play, with nearly 25 percent downloading company files and third party apps to the devices to increase productivity without notifying IT; they frequently use the same password for multiple systems and apps and share them, even after having personally experienced a breach; and 33 percent use secure passwords for all accounts, compared to 53 percent of baby boomers.

Additionally, attracting the younger generation to the federal work force poses a challenge since more than 60 percent said they would not accept employment offers unless they are assured no access restrictions to social media platforms.

In addition, the researchers interviewed a small group of security officers for feedback on how they adapt cybersecurity policies for the millennial generation. Those officials reported a wide array of observations and changes reflecting the millennial rise, including:

• Current changes primarily relate to flexible scheduling and accessing information on mobile devices; nothing new is being done specifically to address incoming millennials from a fundamental security protocol and control perspective.
• Federal organizations largely are making changes individually, agency by agency.
• Changes include retooling security awareness programs that emphasize secure productivity, helping employees recognize the dangerous trade-offs of circumventing policies and updating bring-your-own-device programs with tools allowing greater visibility by monitoring applications' reach and data flows.