By the year 2020, millennials will make up half of the US workforce. Executives have reason to be excited about the fresh ideas and enthusiasm they will bring to the table -- and wary of their relaxed approach to cyber-security.
Millennials live and work in an age where major data breaches are part of the daily news cycle. Despite this, 44% still believe the companies they do business with are keeping their personal data secure "all" or "most" of the time, according to Gallup research.
Their collective attitude towards mobile security is especially nonchalant, and over half (56%) of millennials download apps without reading permission details. This might seem like a trivial, even unnecessary step to a generation so accustomed to sharing personal data.
"Millennials live online," notes Caleb Barlow, vice president at IBM Security. "They're very used to sharing their information."
There are two major problems with this.
First, app stores are cybersecurity minefields. Most apps are dangerously open paths for hackers to access mobile data. Even though many apps request sensitive information, 40% of companies don't properly secure them. One third of apps are never tested for vulnerabilities.
Further, millennials have no idea how their information is being used. Most are unaware that their behavior is leaving both personal and corporate data vulnerable to hackers, making this generation "ripe for the picking," says Barlow.
Think about how much your phone knows about you -- from specific location and interests to contact lists and various account passwords. Each app holds different data, all of which can be combined to learn a lot about an individual. Millennials feel secure entering their data, so they are more likely to store information on their location, interests, and everyday activity on their mobile devices.
"They are laying down a set of bread crumbs about their lives that will likely never get deleted," Barlow explains.
Certain apps are particularly problematic, he continues. There are plenty that ask for permissions they clearly don't need. A photo app may require camera access, but why does a navigation tool need to see a contacts list? Why does a simple game require the GPS?
"People have to realize that when a free app requires a lot of information, they are the product being sold," Barlow cautions. In many cases, people are comfortable with this, but they need to understand that once that information is out there, they lose control over it.
This becomes especially concerning when millennials bring their vulnerable devices into the workplace.
"Millennials prioritize ease-of-use first, and they're very passionate about that," says Barlow. When they have an IT challenge, or feel the need to be more efficient or collaborative, millennials don't go to the tech department. They go to the app store for a new messaging service or a file-sharing app.
Businesses don't know the origins of these apps, nor do they have control over them. Millennials may use a file-sharing platform to share sensitive documents, which they can retain and continue to access after they leave the company.
Hearing this, the instinct for many CISOs is to ensure the availability of official corporate tools and block other app downloads. Most companies do this, says Barlow. It's common for executives to "bury their head[s] in the sand" while insisting that everyone should be using the corporate platform. Unfortunately, this is the wrong approach.
The goal for enterprises, says Barlow, should be to strike a balance between inspiring innovation and productivity among millennials and eliminating dangerous app downloads within the business.
Barlow proposes that organizations do this by aggressively embracing new types of technologies and offering the types of collaboration and productivity apps that millennials expect to use. This way, the organization at least knows that they are using company-sanctioned platforms.