New Zealand’s changing workforce creating an increase in security risk

Lewis Richards
Published in Cyber Toa
Jun 5, 2017

A recent whitepaper published by Forcepoint states millennials’ ‘adjust to us’ mentality raises significant security challenges due to their more relaxed security and technology practices. Striking a balance between security and flexibility in security policies will be a significant challenge for IT security teams. By nature, millennials are extremely tech-savvy and efficient problem solvers. However, if security protocols and policies do not evolve, a highly effective millennial worker can quickly go from a super employee to an insider threat.

There are three general categories of insider threats:

1. Unintentional Insiders violate security protocols or processes accidentally and without malice, frequently because they are new and unfamiliar with protocols/best practices.

2. Rule Benders try to get the job done at the expense of security protocols or processes. They don’t outright violate cybersecurity rules, but find “grey areas” and possibly even cross the line in trying to do their job.

3. The Malicious User deliberately seeks to violate policy while hurting an individual or the organisation as a whole.

Some of the risky behaviour and practices cited by the Forcepoint study are: use of public Wi-Fi networks to access work systems and accounts; sharing passwords across multiple systems and applications; using a pattern for mandatory password re-setting; and not notifying security teams of relevant issues.

New Zealand’s own workforce demographics show times are changing for New Zealand employers too. Since 2013, the millennial workforce has increased from 28.9% of New Zealand’s total workforce to 30.9% [1]. Over the next 10 to 20 years, as the millennial generation progress through their working lives, their tech-savvy behaviours and practices will go with them.

To deal with this inevitable change, three controls stand out above all others. The first is to provide training that expects employees to meet you halfway. There is tremendous confusion among millennials about what is and isn’t appropriate. Don’t ignore the world they live in, but show them how to intelligently use their digital tools and talents.

Secondly, create cybersecurity policies that are reasonable and don’t make people’s jobs more difficult. Cybersecurity policy should clearly communicate best practices and should allow employees the appropriate degree of freedom they need to be productive.

Finally, audit and monitor your network by deploying end-to-end network monitoring systems that provide real-time situational awareness of users, devices and activities on the network.

[1] This work includes Stats NZ’s data which are licensed by Stats NZ for re-use under the Creative Commons Attribution 4.0 International license.

Lewis Richards
Cyber Toa

Cybersecurity and Risk Management Professional — writing on behalf of Cyber Toa