Friday, November 21, 2008

Geezers rule - why IT never trusts anyone under 30

A former co-worker of mine was a recent university graduate who transferred to another division of my company. During the time that I worked with her, I valued her contributions and spoke of her with the highest regard.

Obviously I was misguided, if this Dark Reading post is accurate. She was a threat to me and all that my company stood for.

During the past two weeks, IT security managers have been getting a new warning that turns the old '60s hippie slogan -- "Never trust anyone over 30" -- upside down. The new message: Twenty-somethings are putting the corporate network at risk.

Since Nov. 5, three separate studies -- from Accenture, Intel, and ISACA, a major IT users group -- have indicted the youngest generation of employees as one of the enterprise's newest and most serious security risks. People under the age of 28 -- sometimes called Generation Y and sometimes called Millenials, depending on how you define the category -- are engaging in online behavior that could expose their organizations to data leakage and information theft, the studies say.

The Accenture study, published two weeks ago, queried more than 400 students and employees ranging from age 14 to age 27. It found that more than half (60 percent) of young people "are either unaware of their companies' IT policies or are not inclined to follow them."

"When asked which technologies they currently use or access for work-related activities that are not supported by their employers, mid-Millennials [respondents aged 18 to 22] cited mobile phones (39 percent), open source technology (19 percent), instant messaging (27 percent), online applications (12 percent), and social networking sites (28 percent)," Accenture says. "Similarly, they regularly download non-standard technology from free public Web sites such as open source communities, 'mashup' and 'widget' providers."...

In a study published Nov. 13, Intel and the research firm of Penn Schoen & Berland Associates offered similar conclusions. The survey of IT professionals indicates that while younger employees are having a positive impact on the enterprise and its use of cutting-edge technology, they also create a new security risk. About half of the respondents regard Generation Y as a serious security concern, according to the study.

Younger employees' propensity to download non-sanctioned applications and social media tools was one of the chief reasons cited for IT professionals' concern. Risks posed by social networking sites such as Facebook and MySpace were the most frequently mentioned, according to the study....

In a study published last week, IT professional association ISACA focused its attention on online shopping at work....ISACA found that the greatest danger from online shopping behavior comes from Millenials -- those in the 18 to 24 age bracket. Forty percent of Millenials in the survey said they will spend up to five hours doing online shopping from their desks this holiday season. Ironically, this group is the least concerned about the security of their work PCs; almost half said they pay more attention to the security of their home machine than to the security of their office machine....

When end users give their workplace e-mail address to an online retailer, they can leave the enterprise network open to a variety of threats, ISACA observed. "Yet more than two in 10 (22 percent) respondents have clicked on an e-mail link to go to a retailer's Web site from their workplace computer, and used their company e-mail address as the contact for a purchase," the study says. "In addition, one in four (26 percent) respondents either does not check -- or is unsure how to check -- the security of a site before making a purchase."

And if you don't believe that the generational differences are that strong, take a look at a March post from a forty-something Fortune 500 employee who was scruplously adhering to his employer's guidelines to only use Internet Explorer 6 on his workplace computer. (As to whether said employee is still comment.)

Sphere: Related Content
blog comments powered by Disqus