informa
/
Commentary

Gen Y Employees: Your Future--And Your Biggest Threat

Our excellent sister site Dark Reading has summarized three reports about a group representing the latest in in-house IT security threats: they don't know or don't care about IT security policies, they're heavy users of cutting-edge technologies, and they care more about securing their home PC than their work PC. They're your Gen Y employees, and they're your future.
Our excellent sister site Dark Reading has summarized three reports about a group representing the latest in in-house IT security threats: they don't know or don't care about IT security policies, they're heavy users of cutting-edge technologies, and they care more about securing their home PC than their work PC. They're your Gen Y employees, and they're your future.The Dark Reading piece by site editor Tim Wilson, "IT Security's Next Big Threat: Young People," looks at three separate studies released in the last few weeks by major organizations that all come to similar conclusions:

"Since Nov. 5, three separate studies -- from Accenture, Intel, and ISACA, a major IT users group -- have indicted the youngest generation of employees as one of the enterprise's newest and most serious security risks. People under the age of 28 -- sometimes called Generation Y and sometimes called Millennials, depending on how you define the category -- are engaging in online behavior that could expose their organizations to data leakage and information theft, the studies say."

For CIOs, these findings raise a number of questions that need to be addressed pronto:

  • Is this going on in my company? If so, how widespread is the behavior?
  • Are we providing the right type of training? If so, why isn't the training being followed? And are these young employees fully aware of the consequences of their actions?
  • Given the threats this behavior is causing, it's clear something has to change. But is that the behavior of these front-edge employees, or the policies proscribing corporate behavior?
  • How can I turn this potentially dangerous exposure into a positive experience for the whole organization? How can I mitigate the risk while not stifling new ideas and approaches that my company needs to keep pace with the times?
  • With regard to what needs to change, the Dark Reading piece says some CIOs are deciding to update their policies to match the new times, rather than insist that their younger employees step back from using new technologies in accordance with traditional rules:


    "Interestingly, the Intel study suggests that many IT organizations are changing their behavior to accommodate the younger employees, rather than the other way around. Nearly 30% of the IT pros surveyed said they have changed their IT policies to meet the demands of Gen Y, allowing employees to access their work e-mail from noncompany smartphones or other devices and, in some cases, relaxing their rules surrounding the use of social networking sites."

    This challenging situation represents precisely the type of unprecedented choices global CIOs will have to make as business models and associated business behavior begin to change at the pace of technology. In that context, it seems like the right approach is to lean into the trend and embrace these new approaches rather than trying to pretend that rapid and jarring change won't affect your company. Anyone out there know of companies that are trying to harness rather than stifle the cutting-edge insights, approaches, and innovations of young employees?