The cyber attacks in 2014 of Sony, Target, J.P. Morgan Chase and Home Depot cost those companies hundreds of millions of dollars and compromised the personal data of over 150 million customers. The damage to the companies’ reputations was immeasurable and equally impacted was the financial services industry. Cyber security has become one of the most complex and compelling business risks of our generation.
Why Millennials Pose Cyber Security Risk
Employees are a key line of defense against cyber attacks. Properly trained and educated, they can mitigate hacking risk as they avoid behaviors that leave a company’s network vulnerable to attack. Conversely, untrained and uneducated employees can inadvertently increase risk through their actions. Millennials pose a higher risk than other age groups for two reasons. First, due to the sheer size of the generation, millennials are prolific users of technology. They make up a third of the workforce today, and as the fastest growing segment, millennials will comprise half the workforce by 2020. Second, while millennials are completely comfortable with technology and have integrated mobile devices into all aspects of their personal and professional lives, many don’t fully comprehend the consequences of a cyber attack to business. They grew up using technology without inhabitation and didn’t have to think or worry about identity theft.
Earlier this month, I attended the 2015 Education Summit of the Western Independent Bankers (WIB) Association. Keynote speaker, Meagan Johnson, spoke about the different generations in today’s workforce and proposed ways companies can recruit and retain millennials. She recommended that businesses significantly loosen policies that limit employees’ ability to freely access and use social media in the workplace. Ms. Johnson believes social media is so completely integrated into millennials’ professional and personal lives that to limit their access for business purposes stifles their creativity and productivity. Younger workers will be attracted to companies that provide this freedom of access.
But the issue is that social media is one of the fastest routes hackers can take into a company’s network. Companies limit access to social media on network computers not because they don’t trust or appreciate millennials, but because of the cyber security risk associated with social media. In heavily regulated industries, the company may be mandated to follow a strict social media policy.
The frustration millennials feel about strict social media policies is not limited to their generation. Hillary Clinton, one of the world’s most famous baby boomers, is currently under intense scrutiny for using a private email server while she was Secretary of State. Ms. Clinton’s stated reason for using the private server for her business correspondence is that she didn’t want to carry two mobile devices, one personal and one professional. Technology adopters of all ages are feeling the conflict caused by wanting to take full advantage of the convenience new technology has to offer while maintaining the security of private, confidential data.
Attract and Retain Millennials in Cyber Secure Companies
I believe it’s possible to maintain high levels of cyber security within a company and also attract and retain the millennial generation.
The first step is to create a company culture that values cyber security and communicates regularly with both candidates and employees on the topic. Emphasizing the importance of securing personal, confidential information from the moment a candidate interacts with the company sets the stage. A well-designed and secure recruiting process that leverages social media appeals to a younger workforce and communicates an innovative culture. Orientation and onboarding programs that include training on the importance of cyber security and the company’s policies and practices explain and reinforce the need for security.
Like every generation before them, millennials entering the workforce want to do a good job and be successful. Once they understand the immense problem cyber security poses, I believe they will become conscientious users of company technology.