Millennials Bring New Workplace Cybersecurity Challenges

By By Karl W. Hardy Jul 12, 2016
Reuse Permissions

As Baby Boomers increasingly exit the workforce and Millennials move in to take their places, HR professionals must assess and mitigate the cybersecurity risks posed by new workers who grew up in the digital age, according to a new study by Software Advice, a company headquartered in Austin, Texas, that reviews HRIS systems

"Millennials bring a wealth of technology experience with them when they join an organization," said Daren Glenister, field chief technology officer at Intralinks, a secure collaboration tech provider in Houston. In fact, "many bring their personal devices and consumer-grade software solutions with them into the office."

But therein lies the problem: While some employers think it's admirable that Millennials try to facilitate work through the use of their own technology, this can create cybersecurity risks when questionable apps, tools and devices are used to handle proprietary or otherwise sensitive company data, he said.

When companies allow employees to work from home and bring their personal devices into the office, HR managers need to know that such policies may lead to an increased cybersecurity risk, said Ben Desjardins, director of security solution marketing at Radware, an application delivery and cybersecurity company in Tel Aviv, Israel.

'A Different Perspective'

"Millennials in the workplace have a different perspective on the sensitivity of information, information-sharing and the ramifications of personal data being shared within a corporate environment," said Morey Haber, vice president of technology at cybersecurity company BeyondTrust, which is based in Phoenix. This may lead to corporate information being inadvertently leaked on Facebook, Twitter, Instagram or Snapchat, for example.

Anthony J. Cacciatore, an attorney with Mac Murray, Petersen & Shuster LLP in New Albany, Ohio, focusing on privacy and regulatory compliance matters, is a Millennial. He said workers in his generation are just as likely to fall victim to today's sophisticated hacking attempts, such as social engineering—being tricked into giving out sensitive information, as HR professionals were earlier this year when they e-mailed W2 information to cyberthieves posing as executives—and theft of hardware, as other generations are susceptible to phishing attempts and the negative consequences of using simple passwords.

Additionally, the computing knowledge that businesses sometimes expect from Millennials can create cyber exposure in areas that unexperienced managers may not know about. For instance, asking younger employees to manage IT departments without guidance in addition to performing their other job duties can lead to unintended consequences, especially if the employees' personal views on installing software, Internet browsing and file sharing conflict with the views of upper management, said Cacciatore, who is also a member of the nonprofit International Association of Privacy Professionals (IAPP).

To combat these risks, "as the central hub of the organization, HR can partner with the information security department to design and communicate company policies around information-sharing," Glenister said. "The key is to maintain an open dialogue with the lines of business to understand their needs, so that the company can identify and provide sanctioned tools that help their teams get the job done, while protecting against information leakage."

Educate Millennials on Cyberthreats

If Millennials are multitasking and wearing multiple hats, the desire to complete tasks quickly can cloud their ability to maintain stringent cybersecurity standards, said Joe Schorr, director of Advanced Security Solutions at Ridgeland, Miss.-based Bomgar, which supplies secure access solutions for businesses. HR professionals can mitigate this risk by reminding employees to keep safety and security in mind at all times.

Companies should also fight poor password habits, such as employees reusing passwords on multiple websites, writing passwords on notes stuck to their computer monitors and using spreadsheets to store login data. Companies should invest in multifactor authentication or password management tools.

"Some [tools] even inject credentials behind the scenes, leaving them completely hidden from the admin while still providing access to the appropriate areas. It's tough to write a password down that you never see," Schorr said.

Securing Remote Access

With Millennial workers employing more devices at work than ever, HR and IT should iron out exactly what capabilities are needed from a remote access tool. Investing in this technology allows for a full audit trail of all remote support activity, allowing steps to be retraced in the case of an incident, Schorr added.

Haber said HR should tell workers never to use their personal e-mail for business purposes and vice versa. The same goes for social media accounts, he said.

HR professionals should keep in mind, however, that "preconceived notions about Millennials and, say, their work ethic are as shortsighted as preconceived notions about Baby Boomers and their capacity to embrace technology," Glenister said. "Each generational group brings a set of assets and skills to the workplace that can be used to enhance overall performance."

All employers and all employees—not just Millennials—need to be mindful of the importance of cybersecurity, Glenister said.

Freelancer Karl W. Hardy writes about technology issues.

Reuse Permissions


HR Education in a City Near You

Find a Seminar

Job Finder

Find an HR Job Near You


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 3,200 companies

Search & Connect