The risk, according to Kapuria, is Web 2.0 programs are a huge target now for phishing scams and malicious code attacks. And the implications from these Millennial habits go further than simply putting a corporate IT infrastructure at risk of attack. There are privacy issues to consider, too.
The poll found younger workers regularly store corporate data on personal devices, such as PCs and USB drives, much more than older counterparts. This flies in the face of the 75 per cent of corporate IT managers that said they have policies that restrict corporate data and information on personal devices. Symantec also found 85 per cent of corporate IT managers have policies restricting download and installation of software on work PCs for personal use.
In Kapuria's opinion, the key to minimizing risk from younger workers is education.
"I don't think there is any kind of malicious intent or rebellion on the part of this generation," said Kapuria. "Companies should consider education programs tailored to this audience as part of their security approach."
However, educating older workers is equally important, according to Aaron Wilson, chief technology officer in the Managed Security Services division of Science Applications International. Boomers' lack of familiarity with new technology may make them a risk, too.
"Gen X/Y/Z employees often understand the nuances of the new technologies they bring, whereas Boomers may be equipped with the same technology but not as familiar with all of the functionality," said Wilson. "This can be dangerous from a security standpoint, for example when understanding the subtle difference between encrypted email on a corporate RIM device versus an unencrypted email on an iPhone. To the uninitiated, it's all email. To the security team, it's safety versus possible unintentional exposure of sensitive data."
Access control and security habits
Security consultant Jack Dowling remembers a simpler time when it came to building access and security.
"There was a time when a new system was put in place and there was an understanding that it took time to get used to. Now, as soon as something doesn't work...," Dowling said, sounding like age-wise veteran reminiscing about the old days. "There are always going to be bugs in electronics. But now glitches are perceived as incompetence on the part of the company."
Dowling, the president of in Pennsylvania, has a resume in the field that dates back to the 70's. He thinks both a high level of technical proficiency, coupled with a lot of impatience on the part of younger workers, makes it difficult for organizations to smoothly integrate new security systems and policies these days.
But despite their youth, it's actually not Millennials that Dowling thinks pose the biggest threat when it comes to access. Instead, their slightly older peers are the ones you might want to watch out for if you are concerned about access. While Gen Xers have matured and evolved considerably beyond their so-called rebellious earlier days, Dowling says it is still important to key an eye out for this group, which in today's workforce means workers between 28 and 43 years old.