This Month Only! >> $20 off and a FREE SHRM tote with your membership and code TOTE2018!
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
As Baby Boomers increasingly exit the workforce and Millennials move in to take their places, HR professionals must assess and mitigate the cybersecurity risks posed by new workers who grew up in the digital age, according to a new study by Software Advice, a company headquartered in Austin, Texas, that reviews HRIS systems
"Millennials bring a wealth of technology experience with them when they join an organization," said Daren Glenister, field chief technology officer at Intralinks, a secure collaboration tech provider in Houston. In fact, "many bring their personal devices and consumer-grade software solutions with them into the office."
But therein lies the problem: While some employers think it's admirable that Millennials try to facilitate work through the use of their own technology, this can create cybersecurity risks when questionable apps, tools and devices are used to handle proprietary or otherwise sensitive company data, he said.
When companies allow employees to work from home and bring their personal devices into the office, HR managers need to know that such policies may lead to an increased cybersecurity risk, said Ben Desjardins, director of security solution marketing at Radware, an application delivery and cybersecurity company in Tel Aviv, Israel.
'A Different Perspective'
"Millennials in the workplace have a different perspective on the sensitivity of information, information-sharing and the ramifications of personal data being shared within a corporate environment," said Morey Haber, vice president of technology at cybersecurity company BeyondTrust, which is based in Phoenix. This may lead to corporate information being inadvertently leaked on Facebook, Twitter, Instagram or Snapchat, for example.
Anthony J. Cacciatore, an attorney with Mac Murray, Petersen & Shuster LLP in New Albany, Ohio, focusing on privacy and regulatory compliance matters, is a Millennial. He said workers in his generation are just as likely to fall victim to today's sophisticated hacking attempts, such as social engineering—being tricked into giving out sensitive information, as
HR professionals were earlier this year when they e-mailed W2 information to cyberthieves posing as executives—and theft of hardware, as other generations are susceptible to phishing attempts and the negative consequences of using simple passwords.
Additionally, the computing knowledge that businesses sometimes expect from Millennials can create cyber exposure in areas that unexperienced managers may not know about. For instance, asking younger employees to manage IT departments without guidance in addition to performing their other job duties can lead to unintended consequences, especially if the employees' personal views on installing software, Internet browsing and file sharing conflict with the views of upper management, said Cacciatore, who is also a member of the nonprofit International Association of Privacy Professionals (IAPP).
To combat these risks, "as the central hub of the organization, HR can partner with the information security department to design and communicate company policies around information-sharing," Glenister said. "The key is to maintain an open dialogue with the lines of business to understand their needs, so that the company can identify and provide sanctioned tools that help their teams get the job done, while protecting against information leakage."
Educate Millennials on Cyberthreats
If Millennials are multitasking and wearing multiple hats, the desire to complete tasks quickly can cloud their ability to maintain stringent cybersecurity standards, said Joe Schorr, director of Advanced Security Solutions at Ridgeland, Miss.-based Bomgar, which supplies secure access solutions for businesses. HR professionals can mitigate this risk by reminding employees to keep safety and security in mind at all times.
Companies should also fight poor password habits, such as employees reusing passwords on multiple websites, writing passwords on notes stuck to their computer monitors and using spreadsheets to store login data. Companies should invest in multifactor authentication or password management tools.
"Some [tools] even inject credentials behind the scenes, leaving them completely hidden from the admin while still providing access to the appropriate areas. It's tough to write a password down that you never see," Schorr said.
Securing Remote Access
With Millennial workers employing more devices at work than ever, HR and IT should iron out exactly what capabilities are needed from a remote access tool. Investing in this technology allows for a full audit trail of all remote support activity, allowing steps to be retraced in the case of an incident, Schorr added.
Haber said HR should tell workers never to use their personal e-mail for business purposes and vice versa. The same goes for social media accounts, he said.
HR professionals should keep in mind, however, that "preconceived notions about Millennials and, say, their work ethic are as shortsighted as preconceived notions about Baby Boomers and their capacity to embrace technology," Glenister said. "Each generational group brings a set of assets and skills to the workplace that can be used to enhance overall performance."
All employers and all employees—not just Millennials—need to be mindful of the importance of cybersecurity, Glenister said.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 10,000 companies