Despite a great familiarity with a Web-based life and the technology that comes with it, the Millennial generation poses a greater risk to data security than other categories of users, according to a survey of 762 North American adults conducted by Absolute Software.
The survey found 64 percent of Millennials use their employer-owned devices for personal use, as opposed to 37 percent of Baby Boomers, and 35 percent of Millennials modify their default settings, compared to 8 percent of Baby Boomers.
In addition, 27 percent of Millennials access “Not Safe for Work” content, compared with only 5 percent of Baby Boomers, and a quarter of Millennials believe they compromise IT security, compared with only 5 percent of Baby Boomers.
“One of the biggest surprises and causes for unease was that 50 percent of employees believe that security is not their responsibility,” Stephen Midgley, vice president of global marketing for Absolute Software, told eWEEK. “The surge in mobile devices has empowered users to be more flexible and efficient, but it also means an increased number of attack surfaces for the organization. With sensitive data accessible from and stored on these devices, every employee should feel a responsibility when it comes to protecting IT security.”
The survey also found 52 percent of all respondents use their employer-owned devices for personal use, 21 percent of respondents have modified the default settings on their work devices, and 14 percent of all respondents believe their behavior compromises the security of their organization.
“It was a pleasant surprise to see that employees are becoming more attuned to the perceived value of this lost data,” Midgley noted. “With major cyber- attacks and security breaches making front page news, employees are becoming more conscious of the value that data has in the hands of cyber-criminals. This is a critical step in how organizations evolve their security policies to convert this awareness into deeper accountability among staff.”
He said it was also surprising to see that 30 percent of respondents believe there should be no penalty for losing corporate data.
“Even though many users assign a higher value to the data than previous surveys, this data point reinforces the notion that employees do not take their responsibility for protecting corporate data seriously,” he said. “There needs to be a greater sense of urgency among employees when it comes to safeguarding corporate data and mitigating the potential risks of a data breach.”
Midgley said organizations need to know what is happening to corporate devices and the data they contain, since they are ultimately responsible. This will require the implementation of technology that will allow them to maintain some means of control over access to corporate data from a mobile device – including the data that is stored on the device.
“This can include dropping non-compliant devices from accessing the corporate network through to the deletion of data on a device that’s been stolen,” he said. “But even the best technology can be defeated by human error, so increased communication, education and training in the workplace will be required to help crystallize the importance of security practices.”