Younger employees present challenge to information security, study shows

The new generation of tech-savvy employees could make it difficult for the government to implement risk management policies related to information technology, according to a study released Wednesday by IT security firm Symantec.

The study found that millennial workers, or those born after 1980, have more lax attitudes regarding technology use at work than their older colleagues. For example, millennials access Web sites like Facebook and MySpace as well as personal finance applications and personal e-mail accounts much more frequently at work than do older employees.

Additionally, 75 percent of millennial workers have downloaded software onto their work computer for personal use, compared with 25 percent of older workers, the study found.

Symantec conducted the survey in March with 200 respondents each from three groups: millennials; working professionals born during or before 1980 and IT executives. The survey was designed to gauge technology issues facing younger and older employees in the workplace as well as the impact of technology on IT professionals.

Samir Kapuria, managing director of Symantec Advisory Consulting Services, said Wednesday that while the survey was geared more toward the private sector, the findings have implications for federal sector management and information technology.

The survey found that IT managers believe they are doing an adequate job educating the workforce, while many employees said they do not receive adequate training on their organization's technology policies. Only 57 percent of younger and older employees said they have received training. Additionally, 11 percent of millennials indicated they've received training but do not follow the policies.

Among surveyed corporate IT managers, 89 percent reported an increase in their risk exposure in the past five years, largely because of a new wave of technologies and the millennial workforce's more freewheeling attitude toward IT. The increased risk has caused 36 percent of managers to write and enforce new policies, and 67 percent to at least consider restricting the use of the latest Web 2.0 applications and smart devices, the survey found.

But Kapuria noted that while millennial workers bring some risk to an agency, they also are the most proficient users of emerging technologies, providing an opportunity to leverage those skills to the organization's benefit.

Kapuria added that the study can be particularly helpful for federal IT managers, especially as the government faces a retirement exodus over the next decade. "With the shift in leadership, there's an opportunity to look at the practices currently in place and revamp them in recognition of the new cultural mindset for the millennial generation," he said.

In addressing the boost in millennial hires, the survey recommends that federal agencies follow certain IT risk management best practices. This involves an examination of which technologies and practices employees are adopting and identifying methods to limit use of inappropriate ones.

The study also recommended that agencies implement policies based on the alignment of business and IT value. This involves providing education that communicates the risk, solution and benefit of certain technologies.

Agencies also should create a plan based on their risk profile and mitigation capabilities, and decide whether to restrict use of new technologies or learn about their benefits and allow adoption. "Harness the capabilities and proficiency of the millennial workers to architect a solution encompassing three pillars: technology, process and people," the study said. "Recognize that coaching the millennial workforce is more effective than educating."