Gen Y Workers Ignore IT Policies, Don't Think About Security
Modernizing Authentication — What It Takes to Transform Secure Access
Employees aged 18-30 tend to have lax attitudes about computer security and are more likely than their older ounterparts to ignore IT policies, according to a recent Cisco report.
About 61 percent of young employees surveyed by Cisco researchers feel corporate IT security isn't their responsibility and should be handled by their employer or the device manufacturer, the researchers wrote in the third installation of Cisco's "Connected World Technology" report released Dec. 14. "Young employees" in this report included 1,400 college students polled between the ages of 18 and 23 and 1,400 professionals polled under the age of 30.
Seven out of 10 young employees polled also frequently ignore IT policies and 67 percent feel the IT policies on social media and device usage are outdated and need to be modified to "address real-life demands for more work flexibility," according to Cisco. The younger workforce has "different" expectations of what should be allowed at work, and over time these policies and restrictions may become a deciding factor in where they choose to work, Scott Olechowski, threat research manager at Cisco, told reporters at a press event announcing the report.
"The desire for on-demand access to information is so ingrained in the incoming generation of employees that many young professionals take extreme measures to access the Internet, even if it compromises their company or their own security," the report said.
One-third of respondents don't believe they are doing anything wrong. Meanwhile, 18 percent said they don't have time to think about policies when working, and 16 percent said the policies are not convenient. About 22 percent said they need access to unauthorized programs and applications to get their jobs done, and 19 percent said the policies aren't being enforced.
These students and professionals are looking for more open access to information and social media, according to John Stewart, chief security officer of Cisco. IT and security policies must adapt to enable mobility and productivity while still managing risk, he said.