As a far more tech-savvy generation, millennials pose a greater cybersecurity risk than any other generation in the workplace because of their desire to use the same devices for both personal and professional purposes. Many do not think about corporate security when they plug their own devices into company networks or use their personal applications instead of company-approved apps. Others violate IT policies without a second thought, flouting the rules for their convenience.
“Millennials like to be able to use their own tools and hardware. They are tech savvy, used to working on the fly, and want to be able to choose the applications and devices they find most effective,” says Nastassia Finnegan, Enterprise Sales Director at DRS.
However, this is putting the business at risk, as personal devices are used to access company data. “Increased mobility comes hand in hand with higher risks of having a mobile device lost or stolen, or even infected with malware from dodgy applications. This is a huge security concern, as these devices can be a gateway into the corporate network.”
Having a slew of mobile devices, all of different makes and models, and all used to carry and access company data, leaves the company more vulnerable to mobile security risks. “Although BYOD brings lots of benefits for both staff and employers, it is putting a strain on data security, which, if compromised, can cost the business a fortune,” says Finnegan.
She says this is why organisations should broaden the scope of their BYOD policies to cover all types of devices and apps used by millennials and, more crucially, put data security at the heart of these policies.
However, this puts the IT department in a quandary. On the one hand, they need to have strong IT policies in place to protect the business, but if these are too stringent or restrictive, they get ignored and end up alienating employees, leading to more BYO applications and devices being snuck into the business.
The majority of BYOD solutions are highly restrictive and prevent millennials from putting corporate data into personal apps by blacklisting apps and devices that aren’t company-approved.
Finnegan says this isn’t practical for several reasons. “Firstly, you cannot tell a millennial that they can’t use their personal smartphone for work. They are used to using their own devices, and will never accept this. Secondly, there is no way that blacklisting will ever be able to keep up with the pace of release of new applications. No company has the resources or time to sift through the thousands of apps that are released on a monthly basis.”
Another problem with blacklisting is that it hampers productivity in a big way. “Millennials use their own applications and devices for one simple reason: The company tools and apps simply do not meet their needs. The perception that it’s all about social media and gaming simply isn’t true – they are downloading apps for legitimate business purposes.”
Finnegan suggests that a better approach is to implement BYO solutions that have a healthy balance between security, productivity and personal choice. “The decision of BYOD being a benefit or a thorn in the company’s side lies with its management of the environment. It is crucial for security teams to have systems in place that can maintain visibility to understand the behaviour of their staff, and their use of critical business data across all devices and apps.”
She adds that implementing the right solutions is only half the battle won. User education is just as important, she says. “In a recent study, the Ponemon Institute surveyed 601 cyber security professionals, and discovered that 66% of respondents identified their company’s staff as the weakest link when it comes to IT security. Furthermore, 55% had already experienced a security incident caused by either a malicious or negligent employee. One of the best ways to make sure employees will not create countless opportunities for hackers to compromise a company’s security is to institute regular company-wide security-awareness training initiatives on a regular basis. These will not only help educate staff on how to avoid the many threats out there, but will help make them more aware of how their actions can impact the entire organisation.”