A look back at RSA Conference 20192 The 2019 RSA Conference was held in San Francisco on March 4-8. This is one of the best-known security...
Securing Your Millennials
Millennials. We're all the same. Except for our viewpoints on flip phones
Millennials, born between 1980 and 2000, are sometimes derided by X’ers and Boomers as selfie-obsessed, reality-tv-watching, soft-in-the-middle, wish-I-was-an-Instagram-travel-blogger whiners. But, are they secure?
In working with numerous customers to shape internal audiences and behavioral groups, we often take a dive into Digital Tribes© and the cultural values that underpin security compliance, we have bumped into many an ‘aha’ moment around this elusive demographic. These revelations; of value differences, cultural shifts, priorities, and behaviors, when made objective and brought to the fore in the pursuit of good (not blame!) can often help bridge the gap between management, executives, and yes, dare we say, even “the board” (whose average age in the USA is 63 years old, BTW).
So who are these Millennials you speak of? What are their cyber habits or viewpoints (as a group)? What can you do to better reach them, engage them, and ultimately secure them as “part of your cyber team”?
“Easier said than done, but not impossible”, says Angelo D’Agostino, Managing Partner at HC Group Advisors, a full-service HR and Talent Consultancy. “It has been my experience over the past 20 years that it is more important than ever to be ‘in the know’ as it relates to the upcoming generations in your workforce. For instance, look at the way people seek out opportunities. In the past 40 years, the drive for a new job could be about pay or advancement. However, Millennials are putting together impressive and full-bodied research to help inform their decisions around prospective employers. They are studied, care about values and culture, and know their market value. I tell HR and talent professionals to get a bit uncomfortable, learn to move forward digitally, and not get stuck in old data and processes. This sounds similar to the challenge in cyber security awareness- we need to find comfort in the discomfort and not worry because in a few weeks, it will have changed yet again. It’s about connecting and moving forwards.”
Stats & Values to Consider
Right now, more than one-in-three American labor force participants (35%) are Millennials, making them the largest generation in the U.S. labor force, according to Pew Research. As with any generation, the unique experience of millennials during the formative coming of age years has shaped their worldview. For me, that was the 80’s & 90’s, and indeed, I can wax rhapsodic for hours about Atari, Etch-a-sketch, neon & acid wash, Thundercats, and more. A reminder for our readers in the Boomer and Gen X demographics, the formative years for the Millenials as the 1990’s/2000’s.
According to Psychology Today:
“This generation came of age in a post-9/11 America primarily at war. High profile data breaches and Edward Snowden’s disclosure that America engaged in mass surveillance of its own citizens has seriously shaken young professionals’ trust in government. Additionally, both the government’s and the private sector’s reluctance to take decisive action to stymie global climate change leaves many millennials frustrated by what they see as a problem of epic proportion that has been passed along to them to handle. Lastly, Millennials are drivers of today’s movement of ethical consumerism. Their socially responsible attitudes are both despite and because of a set of crises, most notably a recession set in motion by Wall Street that was deeper than any other since the Great Depression that seriously damaged Americans’ confidence in financial, banking, and governmental institutions.”
So what do Millennials value as a generation in contrast with others in the workforce?
Without sounding like a horoscope in the Sunday papers (remember those? Kidding), here are a few values of the Millennial Generation to consider:
- Millennials want straightforwardness in what they understand to be a capricious, unstable world.
- They work hard and feel strongly about wanting their work to be meaningful.
- According to the United States Treasury, millennials tend to invest in organizations that prioritize the greater good more than any previous generation.
- David Burstein, author of the book “Fast Future,” describes Millennials’ approach to social change as “pragmatic idealism.” He notes that this generation expresses a deep desire to improve the world and that they recognize this will require the creation of new institutions while working within existing structures.
Deloitte’s 2019 survey of millennials recap states that:
”Despite current global economic growth, expansion and opportunity, millennials and Generation Z are expressing uneasiness and pessimism—about their careers, their lives and the world around them, according to Deloitte’s eighth annual Millennial Survey. In the past two years especially, we’ve seen steep declines in respondents’ views on the economy, their countries’ social/political situations, and institutions like government, the media and business. Organizations that can make the future brighter for millennials and Gen Zs stand to have the brightest futures themselves.”
Putting it in Perspective
For cyber security awareness, behavior, and culture change we think hard about how we can engage everyone to be more secure. This includes the challenging feat of bringing millennials onboard with governance and compliance around information security… the first big challenge is that demographically speaking, they look at technology differently.
- Millennials have high social media use. While a majority of adults today are users (and hooked on tiny addictive dopamine hits and the ‘acceptance high’ that comes with them… that’s the story for another blog…) the younger generations are constantly adapting to new platforms and ways of communicating.
- No More waiting, for anything? Amazon Prime, Netflix binge-watching, instant or quick gratification. In marketing and consumer research, to sell to Millenials if you don’t deliver it, and quick, they will move on.
- Ascribing authenticity and honesty to voices in authority is not a given.
- More than nine-in-ten Millennials (93% of those who turn ages 23 to 38 this year) own smartphones, compared with 90% of Gen Xers (those ages 39 to 54 this year)
- Compared to 68% of Baby Boomers (ages 55 to 73) and 40% of the Silent Generation (74 to 91) according to Pew Research.
It won’t be surprising that according to a recent Pew poll, nearly 100% of Millennials use the internet, but 19% of them are smartphone-only internet users – that is, they own a smartphone but do not have broadband internet service at home. The great untethering has begun, and while TV and cable are freaking out to lose viewers, now having a wired connection at home may seem old-fashioned. (We are certainly hoping that 5G doesn’t microwave us all into tiny bits, but that’s another blog post).
There isn’t as much published research on the cyber safety of millennials are in a corporate setting, although Dark Reading published survey results showing that millennials are:
- 2x more likely to share confidential information over messaging/collaboration apps.
- 3x more likely to download sensitive info or intellectual property from their companies.
- 2x more likely to talk badly about the boss over chat.
- 3x more likely to share company credit card or password information.
- 2x more likely to gossip about co-workers.
- 2x more likely to download a communications app not approved by IT.
Password habits are a great leveler of all things cyber security- and in our learning program, we tackle them first as a fundamental area of change.
Security Intelligence found:
- Only 42 percent of millennials use complex passwords combining random capitalization, numbers, and symbols (compared to 49 percent of people over the age of 55).
- Millennials are also much more likely to use the same password across multiple sites or apps (41 percent versus 31 percent of those 55 and older).
- On average, the older generations use 12 passwords regularly, while millennials use only eight.
- Nearly half (47 percent) of those under the age of 24 said they’d use a less secure method of authentication to save a few seconds of time. That’s close to triple the 16 percent of respondents over age 55 who would do the same.
We also found some interesting data that can help you think about how you can reach out and make new connections, increase awareness, and create more targeted messaging to increase compliance AND employee satisfaction at the same time.
Half of the under-30 respondents think that responsibility for cybersecurity rests solely with the IT department. This is 6% higher than respondents in the older age categories.
Under-30s are more likely to consider paying a hacker’s ransom demand (39%) than over-30s (30%). This may be due to an impatience to get systems back up and running, or greater knowledge of bitcoin and other cryptocurrencies.
Growing up in a technology skills crisis, 46% of under-30s are worried their company doesn’t have the right cybersecurity skills and resources in-house. This is 4% higher than for over-30s.
The desire for flexibility and agility could be affecting attitudes to incident response. Under-30s estimate that a company could recover from a cybersecurity breach in just 62 days––six days less than the time estimated by older age groups (68 days).
Younger workers are more accepting of personal devices at work than their older counterparts; 8% fewer consider them a security risk. However, they’re more concerned about the Internet of Things (IoT) as a potential risk (61% compared to 59%).
Eighty-one percent believe cybersecurity should be an item on the boardroom agenda, compared to 85% of over-30s.
All this should be taken with a large grain of salt, as perhaps some of these values, attitudes, and behaviors could be tempered by new statistics and research coming out about Gen Z. Risk appetites vary by culture, personality type, and by age… and nothing stays still for long.
Perhaps some of what we see in these is the folly of youth which will in time be tempered by wisdom and experience? Or perhaps this generation is wise beyond the years and not willing to accept corporate-speak, craving something authentic and truthful instead. Food for thought, for sure!
So, What Can You Do to Better Secure Your Millenials?
Talk with your HR team. Ask if they have any reports or if they can help you better understand what generations and demographics make up the people at your company. Do they, for any business reason (expansion and growth for instance) expect them to change in the next year, two, or three? Does your HR team have any cultural insight reports that can help you understand the demographic groups, and how your Millennials may relate to the values researched above?
What kind of cyber awareness messages do you put out to the company? Can you write different ‘styles’ or flavors, or use different channels to reach audiences who may have different values and alignment? As social media adoption varies in the consumer space by generation- do you have social style channels to use to communicate cyber security awareness reminders?
How can you change and adapt messaging on an ongoing basis to match the values of not just generational groups, but also the different digital tribes in your organization? Age can be one characteristic, but there are many ways to look at human behavior and preferences- if you are in a small or midsized organization, perhaps a wider lens will give better results for targeting awareness training.
Are you delivering content that millennials want to engage with? Does it address their concerns? Can you speak to the WIFM for them? Find a few at your company and set up a coffee to ask. The more we talk and learn, the better!
For as much as Millennials have "grown up" with technology as a de facto component of life and work, it’s concerning that in overall technology use and habits, they are no more cyber-savvy than older generations. Using digital technology safely, protecting information, and understanding how companies use data (both in our work, but also as consumers and citizens) is a multigenerational challenge that we desperately need to address. The growing lack of trust in institutions and the lack of cyber skills make top-down approaches to change seem old-fashioned, but Millennials’ strong ties to meaningful work and strong desires to improve the world offer us a key to unlock the door. By using stories that are relatable to different audiences, social influence, and proof techniques, creating training content that hits home on values, it’s just about knowledge but also has meaning and depth helps you connect with and engage Millennials on your teams to inspire and awaken them to the very real need of protecting their digital future.
The Cybermaniacs create cyber-secure humans through our learning experience platform and unique approach to change. Fuzzy on the outside, data-driven on the inside, our cyber awareness training content is sure to delight all demographics at your organization. Learn more about our platform and take a ride on a free demo.