In 2015, millennials surpassed Generation X and baby boomers as the largest single generation currently in the U.S. workforce, according to Pew Research Center.
However, what is occurring is less a takeover and more a realignment of the workforce, in which millennials (those ages 18-34) coexist alongside Gen-Xers (ages 35-50) and baby boomers (ages 51-69).
Small businesses need to rethink their IT security posture in the face of these changes. Every generation approaches work and technology differently — a 59-year-old manager is going to think about data security differently than a 22-year-old just starting their career. Recent studies have shown that different generations have disparate attitudes and behaviors regarding digital security.
Small businesses cannot take a one-size-fits-all approach to cybersecurity. Instead, they need to tailor their IT security policies and technology investments so that they address as many of the vulnerabilities their multigenerational workforce poses as possible. These policies and investments should be flexible enough to account for the varying behaviors of a small business's workforce, but have enough layers to protect against different vulnerabilities.
Millennials and Baby Boomers View Security Differently
Recent studies have shown that younger generations think about online security less than their older counterparts, and that they are viewed differently by IT security professionals. One might guestimate that type of usage, volume of time and varying online activity add to this differentiation. Additionally, younger generations may make assumptions that inherent levels of security exist in the workforce and are therefore are less hesitant in exercising their online activity. This is even more of a reason for IT layering and established protection via security technology.
A 2016 Webroot survey found that, despite a reputation for being less technologically savvy than millennials, 49 percent of baby boomers reported they have anti-virus solutions installed on their devices — 10 percent more than millennials. Notably, the survey found that 49 percent of millennials were concerned about someone gaining access to their social media accounts, versus 33 percent who were concerned about someone getting access to their email accounts.
Meanwhile, a 2017 First Data survey found that 82 percent of millennials reuse passwords for websites and apps, compared to 70 percent of boomers.
First Data also reported that 86 percent of baby boomers hardly ever download free applications or software to their work devices without consulting IT, compared to 75 percent of millennials.
In terms of how demonstrators view the different generations, a March 2017 global study of IT and IT security practitioners by the Ponemon Institute and underwritten by Citrix surveyed workers to find which generation posed the greatest risk to sensitive information in the workplace, and millennials received 55 percent of the vote. Only 25 percent said Gen Xers pose the greatest risk and just 20 percent said that about baby boomers.
The Ponemon study also found that millennials (39 percent) are seen as more than twice as likely as baby boomers (16 percent) to use unapproved apps and devices. Notably though, baby boomers are seen as being the most susceptible to phishing and social engineering attacks (33 percent) or the most unaware of how to protect sensitive and confidential information (30 percent).
In contrast, only 15 percent of millennials and 17 percent of Gen Xers are viewed as lacking in knowledge about how to protect sensitive and confidential information, but 30 percent of boomers are.
Tailor Your IT Security Approach
So how can IT security teams navigate this terrain? Stan Black, chief security and information officer at Citrix, and Donna Kimmel, chief people officer at Citrix, offer lots of helpful tips.
Boiled down, they are:
Identify and build in contextual access control so that users have access to the apps and data they need and nothing more. It's also a good idea to automatically prevent employees from running unauthorized apps on corporate networks.
Extend those protections to mobile platforms, but give users freedom to access data securely on the go.
Embrace virtualization and containerization for critical apps and data.
Gain visibility via analytics so that you can be proactive about security.
Increase cyber hygiene education for users.
These steps will not solve every security problem, but they will go a long way to helping secure your multigenerational workforce.