The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Callow Youth Blamed for Security Breaches

Joking in the office
22 June 2018

Younger employees have been identified as the main culprits for security breaches in the workplace in a study by Centrify of UK senior decision makers and workers.

More than a third of senior executives survey believe that younger employees are the main culprits for data security breaches in the workplace according to the independent study into attitudes of the next generation workforce about cybersecurity, commissioned by Centrify.

More worrying is that the study also reveals that these same decision makers are doing very little to allay their own fears, with over a third of 18-24-year olds able to access any files on their company network and only one in five having to request permission to access specific files. Less than half (43%) have access only to the files that are relevant to their work.

The study, conducted by Censuswide, sought the views of 1,000 next generation workers (18-24 year olds) and 500 decision makers in UK organisations to discover how security, privacy and online behaviour at work has an impact on the lives of younger employees and the companies that they work for.



While password sharing tops the list at 56 per cent as to what keeps decision makers awake at night, 29 per cent of younger workers reveal that they are in the driving seat when it comes to password changes with their employers leaving it to them to decide when they need a password change. Furthermore 15 per cent of them admit to freely sharing passwords with colleagues.


Attitudes to social media and online behaviour

Asked how younger employees could have a negative impact the workplace, 47 per cent of decision makers worry about them sharing social media posts and the impact these could have on brand and reputation.  Conversely, one in five workers are not bothered about how their social media activity might affect their employers – and 18 per cent freely admit that their posts could compromise employers’ security and privacy policies. Less than half say their company has social media guidelines in place, highlighting the need for strong social media access controls that follow the principles of a ‘Zero Trust’ approach to security, which assumes that users inside a network are no more trustworthy than those outside the network.


Never off

The next generation of workers’ ‘always on’ approach to technology – with no experience of an off-line world – further reinforces the need for robust security policies. When it comes to this generation of workers, 40 per cent of decision makers are concerned about their misuse of devices, while 35 per cent say they are too trusting of technology and 30 per cent worry they share company data too easily.


Policies ignored

While 79 per cent of decision makers report having a strong security policy in place and 74 per cent of them think that their employees abide by it, over a third (37 per cent) feel that young workers are too relaxed about security policies.

Decision makers also say the next generation of workers have a good awareness of the Dark Web (87 per cent), underground hacking (79 per cent) and crimeware (81 per cent). Although around half (48 per cent) say they have strict guidelines in place for employees accessing these new ‘dark arts’, 39 per cent feel they could be better.


Leaders of tomorrow

“Some may think of younger workers as always online, always ready to share information and perhaps not being as concerned about privacy or security as older workers but we must remember they are the business leaders of tomorrow and we must help not hinder them,” comments Barry Scott, CTO EMEA, Centrify. “While it’s clear that employers are concerned about this new generation entering the workforce – and see them as a potential risk to both the business and brand – these same companies are perhaps guilty of not putting in place the right security processes, policies and technologies. If you give employees access to any information at any time from any place or fail to enforce strict password and security policies, they are likely to take full advantage, putting both their own jobs at risk as well as the company itself.

“Our study shows it’s time to discard the old castle-and-moat model of ‘trust but verify’ as it simply does not work in today’s mobile-first, cloud-enabled world where employees can be anywhere and work on multiple devices. Traditional network perimeters are dissolving and security professionals must adopt a Zero Trust approach that assumes bad actors are already on the network. With Zero Trust Security we verify every user, validate their device and limit their access to only the resources they need - and use machine learning to ensure the resulting improved security has no impact on efficiency.

"Let’s be clear that Zero Trust Security is not saying we’ve lost trust in our employees but rather it enables them to work exactly the same way wherever they are, and provides the company with a stronger security posture.”

Picture: Would you trust this person?


Article written by Brian Shillibeer | Published 22 June 2018


Related Articles

123456 - 23.2 Million Cyber Victims Used This Password

The most hacked passwords have been revealed as a UK cyber survey exposes gaps in online security with global breach analysis finding 23.2 million victims used 123456 as...

 Read Full Article
Learning To Be Tough On Weak Passwords

East Ayrshire Council has blocked weak passwords after an annual audit revealed their 6,000 employees were leaving the organisation open to cyber threat. It was 2017...

 Read Full Article
GDPR - A Little Help From Your Friends

ThisWeekinFM is reminding readers GDPR is for life and not just May 25...but we also have a cunning plan to help keep you and your organisation compliant.  Whilst...

 Read Full Article
Is BYOD Creating A GDPR Risk For Your Business?

Does your Bring Your Own Device (BYOD) stance have the potential to create risks relating to data protection or breaches, as a result of staff using a single smartphone...

 Read Full Article
Two Million Fleet Drivers To Revalidate Driving Licence Data Consent

There are over two million drivers who will have to revalidate their driving licence data consent, writes Malcolm Maycock, Chair of the ADLV. Whilst this is a mammoth...

 Read Full Article
Raising The Bar – Consent Under The GDPR

Straight from the horse's mouth, Steve Wood, Deputy Information Commissioner, writes for ThisWeekinFM on the topic of 'consent', how to get it and what to do...

 Read Full Article
Denial Of Service Costs Escalate

A DNS Threat Report has revealed the cost per attack has increased by 57% to $715,000 for organisations globally. EfficientIP, a specialist in DNS security to ensure...

 Read Full Article
Are You Ready For Business Change?

Andrew Carwardine offers 7 Steps to Change & Put Process Back On The Agenda. Thanks to GDPR, processes are back on the agenda but why the wait? Shouldn't we...

 Read Full Article
Crown Prosecutions Service Prosecuted - And Other GDPR-type Convictions

You could hardly make it up but the Crown Prosecutions Service has been fined after losing victim interview videos - PLUS a variety of convictions including a...

 Read Full Article
GDPR - No Confidence In Compliance. Mobile Workers Are Biggest Hazard

Most companies are not confident of being fully compliant ahead of the GDPR deadline with the biggest fear being the loss of data on laptops and other mobile...

 Read Full Article