Security and the generational divide

CSO - The generation gap. It's a term that has been used for decades to describe the differences between people in various age groups. Corporations are constantly considering what makes different generations tick when it comes to recruiting and retaining employees. But security experts say companies also need to examine age-based perspectives and habits when it comes to risk assessment and policies.

Cultural analysts generally divide today's workplace personnel into three generations: baby boomers, Generation X and Generation Y, also known as millennials. The stereotypes typically go like this:

• Millennial employees, workers born after 1980, are tech-savvy and have short attention spans.
• Baby boomers, born between 1946 and 1965, are loyal and dependable, the original workaholics.
• Gen Xers, once known as the slacker generation born between 1965 and 1980, tend to be cynical and independent.

Companies need to understand all perspectives in order to effectively communicate their security policies.

Stereotypes are useless for predicting the actions and reactions of any one person. Yet these characteristics do tend to ring true in the workforce at many organizations, according to Roberta Chinsky Matuson, president of Human Resource Solutions, a Massachusetts-based consultancy that regularly advises corporations on generational differences. Companies need to find ways to relate to all perspectives in order to create and communicate effective security policies as well as to defuse what Matuson calls "potentially explosive situations."

"From a security standpoint, there is a lot of opportunity for misunderstandings," said Matuson. "We need to educate people about what those are."

According to the security and HR experts CSOonline spoke with, each generation is prone to engage in risky behavior of different types and may not understand how habits are compromising a company's risk level. A clear example is recent research from security software maker Symantec Corp. The survey, which was released earlier this year, found that IT managers are at odds with millennial workers. Among respondents, 66% of Gen Yers said they use Web 2.0 technologies, such as Facebook and YouTube, while at work. Only 13% of older workers admitted to logging onto these kinds of Web sites in the office. Meanwhile, Symantec also surveyed IT managers, and 50% said they have policies specifically banning Web 2.0 applications such as social networking, iTunes, streaming video and gaming applications. [See "Web 2.0 Applications and Sites (and Security Concerns)" for specific examples of such sites and application and their attendant risks.]

"For millennials, there is more blurring of the lines between work and home," said Samir Kapuria, a managing director at Symantec Advisory Consulting Services, the organization that conducted the survey. "They tend to use what they have at home while at work, and this is really forcing corporations to rethink IT risk management."