Developing cybersecurity policies for a multi-generational workforce requires the consideration of several factors. Each generation lacks cyber awareness in different areas. We also have to consider how each generation responds to training. 

Generational Divide

Before implementing cybersecurity policies, we need to address that each generation creates a security risk for different reasons. The majority of workplaces employee people who belong to all three generations: Baby Boomers (born between 1946 and 1956, Generation X (born between 1965 and 1980), and Generation Y or “Millennials” (born between 1980 and 1997).  

One study analyzed the cybersecurity habits of each generation and found the following: 

-Baby Boomers are the most likely to be fooled by phishing scams and social engineering scams.  

-Gen Xers are the most likely to demonstrate non-compliant behaviour and negligence when it comes to security policies. 

-Millennials are the most likely to use unapproved apps in the workplace. 

An effective cybersecurity policy for today’s workforce needs to address the variety of ways different generations create security risks. Effective training will target the specific lack of cyber awareness of each generation. 

Generational Similarities 

Despite that each generation is more likely to pose risks in certain ways, there are some cyber habits that all generations share. A study revealed that 94% of employees use public WiFi and 69% of this group used the public Wi-Fi to access work data. Public WiFi connections can pose security risks since the connection is unprotected, yet this is a habit all generations are guilty of.  

All three generations are known to have weak passwords. The majority of employees use the same password for several accounts and never update their passwords. Several employees lack awareness around the use of two-factor authentication. Only a small percentage of employees voluntarily enable two-factor authentication when it is available for an account. 

All of these poor cybersecurity habits are fairly easy to prevent. A cybersecurity policy needs to acknowledge that many habits are not necessarily generational but due to an overall company culture that accepts non-compliant behaviour or just a lack of training altogether.  

Cybersecurity Policies Need To Address Generational Habits

Many Millennial workers access Web 2.0 Technologies at work. IT departments are banning these types of websites from workplace use as these programs are a common target for phishing scams. Younger workers are also more likely to store corporate data on their personal devices and fail to comply with policies that restrict the use of such data outside the workplace.  

Several of these habits stem from the fact that for Millennials there is a blurring of the lines between work and home. A cybersecurity policy needs to address this issue and be complemented with other workplace policies that promote a healthy balance between work and personal life.  

However, Millennials are actually more compliant with high-security systems than their Gen X or Baby Boomer colleagues. Millennials have been defined by the security consequences of 9/11 and have learned the value of security systems from a young age. Gen Xers are more likely to favour non-compliant behaviour. They don’t see as much value in security defences and view it as an interference with their productivity.  

Baby Boomers’ actions mostly stem from not understanding cybersecurity and the defences IT departments put into place. Baby Boomers may fail to understand, “the subtle difference between encrypted email on a RIM device versus an unencrypted email on an iPhone“. This lack of awareness around security defences could lead to an unintentional leak of confidential data. 

Implement Inclusive Cybersecurity Training

The most effective cybersecurity policy for a multi-generational workplace will provide inclusive training that appeals to employees of all ages. Implementing online training offers flexibility and autonomy that your employees will value. Online training allows employees to learn at their own pace and feel more comfortable with cybersecurity policies.  

Avoid stereotyping. Although this article has pointed out some characteristics different generations share don’t assume that younger people are tech savvy and will fully understand all of your security defences. Also, don’t assume that someone older won’t be able to learn how to adapt to more advanced security processes. 

Keystone Technologies can help you implement security solutions for your business. Learn more about our services.