“With most systems having the presence in the cloud – data security is of utmost importance when designing the systems.”

– Rajiv Khanna – PPIC Software Solutions

The following article written by: Daniel Humphries, Software Advice

In 2015, millennials will become the largest demographic in the workforce, with a population of over 75 million. Security experts are concerned that this group’s attitudes toward privacy, combined with expectations regarding what devices and apps they can access at work, will bring new cybersecurity challenges to the workplace.

Software Advice surveyed employees from three different demographics—“millennials” (those born after 1980), Generation X, or “Gen X” (born from 1965-1980) and “baby boomers” (1946-1964)—on their attitudes toward security issues. In this report, we look at the impact generational attitudes have on behavior and whether millennials really do expose businesses to heightened risk. We also provide advice on how companies can stave off that risk.

Key Findings:

1. Millennials have the worst password reuse habits of all demographics: 85 percent admit to re-using credentials across sites and services.
2. Risky behavior can be found across demographics: 16 percent of millennials and 14 percent of Gen-Xers accept social media invites from strangers “most of the time.”
3. Boomers may in fact pose a bigger BYOD challenge than millennials: 48 percent of the former use personal devices to access work files, versus 40 percent of the latter.
4. Millennials are most likely to find security workarounds: A combined 56 percent admit they would “very” or “moderately likely” evade restrictive workplace controls.
5. Millennials are less interested (15 percent) in receiving security training through “gamification” than Gen-Xers (18 percent), while boomers prefer lectures (44 percent).

Introduction

The rise of the millennials—the allegedly tech-savvy, superconnected segment of the population—is leaving some security experts profoundly anxious.

For instance, Andrew Avanessian, vice president of Global Professional Services at security firm Avecto, describes them as nothing less than a “a new attack vector that is emanating from the inside.”

Author and security expert Steven Weisman is also concerned: He considers millennials “a tremendous risk to the data security of their employers.” But why the concern?

“Millennials are tremendously comfortable with, and active users of, great amounts of social media—but unfortunately, do not often do so with the proper security precautions, which can lead to data breaches,” Weisman explains.

This pessimistic perspective is not universal, however. For instance, Joe Siegriest, CEO of password management firm LastPass, states that “millennials are not any more of a threat than any other generation.”

So, do we stand on the brink of techno-armageddon? Are elders really better when it comes to cyber-security? Let us use statistics to shine some light on the matter.

Millennials Are Serial Offenders When It Comes to Password Reuse

We begin with the basics: password reuse. After all, once compromised, credentials recycled on different accounts may give cyber-crooks access to sensitive information.

But which demographic is most likely to reuse passwords?

Have Reused Passwords in Past 12 Months

Here, millennials come out in front, with 85 percent admitting to reusing passwords. However, Gen X lags only six percentage points behind, at 79 percent, while almost three-quarters (74 percent) of boomers are guilty of the same bad habit.

So are millennials inherently more cavalier regarding password security? Not necessarily: assuming millennials use more online services and apps than their parents and grandparents, they will have a greater quantity of passwords to remember. So it’s no surprise if they reuse some of them. So what is to be done?

Siegrist suggests that “Businesses should put the tech-savviness of millennials to work for them.”

For instance, employees can be encouraged to use password managers, which create unique credentials for all accounts, but that can be managed through one, ultra-strong master password. Given that password reuse is endemic, this is a tool every employee should use—not just those born after 1980.

Businesses can also implement two-factor authentication, which combines a password with a randomly generated number that is sent to the user and that changes at each login, thus rendering compromised credentials useless.

Siegrist suggests that this could be an easier sell to millennials who are attached to their smartphones. For instance, it can be as simple as installing an app on a phone: The app will generate the second factor for the user, reducing the need to rely on text messages or emails.

Millennials, Gen X Almost Equally Risk-Prone With Social Media Use

Social media can provide criminals with a rich trove of information to be deployed in phishing attacks on businesses. Some experts fear that millennials’ more relaxed attitude toward online privacy increases this risk.

“People who grew up oversharing on social media often do not comprehend, from a practical level, the full gamut of what they should not be sharing—even after being told of privacy and confidentiality policies,” says cybersecurity expert and Forbes contributor Joseph Steinberg. “They simply do not have the same sensitivities as prior generations.”

So next, we asked respondents how often they accept invitations from complete strangers on social media, thereby granting them access to the personal information in their profiles.

Frequency of Accepting Social Media Invitations From Strangers

• Millennials

  

• Gen X

  

• Boomers

  

Here, millennials are only marginally ahead of Gen X and the boomers, with 3 percent “always” accepting invites versus 2 percent in both older demographics. This close alignment suggests that it is less a question of generational attitudes and more that there is always a small subset of individuals in the wider population who are excessively open or trusting.

In the next-riskiest category, millennials and Gen X are closely aligned, with 16 percent and 14 percent accepting invites “most of the time.” Only the boomers show heightened concern, with a mere 8 percent accepting such invites “most of the time”—and a further 50 percent “never” doing so, versus 38 percent of millennials and 42 percent of Gen-Xers.

Is the prevailing image of millennials as over-sharing naifs exaggerated? Security expert Todd Inskeep, who sits on the advisory board of the RSA Conference, thinks so:

“The cultural environment has changed—people are more open. This openness isn’t generational, it’s cultural, and applies to people of all ages,” Inskeep explains.

In addition, some social media platforms may be riskier than others. According to Kevin Epstein, vice president of information security and governance at security firm Proofpoint, phishing scams using fake LinkedIn templates are twice as successful as any other social media scam. Meanwhile, according to the Pew Research Center, the demographics of LinkedIn users skew older.

LinkedIn users also outnumber the generally younger Twitter demographic: 300 million to 271 million. Thus, since boomers and Gen-Xers and Boomers are more active on LinkedIn, gains from whatever relative caution they may display could be nixed by the higher degree of phishing danger associated with the platform.

It’s little wonder then, that Mark Orlando, director of cyber-operations at security firm Foreground Security, argues that we should “ditch stereotypes.” Orlando suggests something simple: All users, regardless of age should be encouraged to treat information in social networks “the same way they would their finances: Be aware of who has access to it, how it’s being used and, most importantly, how and to whom it is distributed.”

Mature Demographics May Pose a Higher BYOD Risk

One trait widely associated with millennials is their devotion to devices: Indeed, so intense is the relationship that a new term—“nomophobia”—has been coined for the anxiety that arises when separation occurs. In one study, 40 percent of millennials said they would feel “anxious, like part of me is missing,” if they were separated from their smartphones.

This expectation of instant access through devices also applies to their professional lives, says Elise Yacobellis, director of development for the IT security certification organization (ISC)².

“Millennials … in all industries are focused on accessibility to information at work,” she says. “They grew up with technology at their fingertips, and they won’t expect any less in their work environments.”

However, the Bring Your Own Device (BYOD) phenomenon, in which employees use their personal devices for work purposes, also heightens risk, as personal smartphones and tablets rarely have the same level of protection as technology placed behind a corporate firewall. But are millennials really the worst offenders?

Frequency of Using Personal Devices to Access Work Documents

• Millennials

  

• Gen X

  

• Boomers

  

In fact, older demographics may be more inclined to obscure the work/personal divide. Forty-seven percent and 48 percent of Gen-Xers and boomers, respectively, admit to accessing work documents on personal devices “very often,” versus 40 percent of millennials.

Could it be that millennial tech savviness is a myth? Frank Bradshaw, CEO of cybersecurity consultancy Ho’ike Technologies suggests that it may be exaggerated.

“Remember, the people calling them ‘tech-savvy’ are Generation X and older. … A group of people that spent a great deal of their 20s and 30s marveling [at] how six-, seven- and eight-year-olds could figure out technology. The reality is technology was made exponentially easier by each passing decade,” he explains.

However, even Bradshaw agrees that millennials as a group are “completely mobile.” Perhaps the line between work and personal computing is more blurred among older demographics because they are more likely to be in managerial positions, working at home in the evenings, or toiling away at high priority projects on weekends.

So, what to do?

Todd Peterson, product marketing manager for Identity and Access Management at Dell, suggests:

“Allow employees to access work information from wherever they are and with whatever device they want, but maintain control of that access and only grant it where it’s absolutely necessary.”

To achieve this, firms can provide users with a list of approved apps and implement document control, limiting which resources employees can access using their own devices.

“Users should stick to well-known, reputable application marketplaces and pay attention to the features and information accessed by new apps. Again, personal and professional separation is key, whether or not there are mobile or BYOD controls in place,” adds Foreground Security’s Orlando.

This means no haphazard downloading of freeware found floating on the Internet. Rather, users should stick to reputable outlets, such as Google Play or the Apple App store.

As for policies defining use, Yacobellis says that as long as they are “sensible, well-balanced and enable business efficiency” there shouldn’t be concern: “The key is awareness and training, along with an explanation of why the policies are important,” he notes.

For instance, it should be easy to explain to employees why their devices must be password-protected, and that these passwords must be strong (e.g., at least eight characters, with a mix of numbers and special characters).

Millennials More Tempted to Use ‘Workarounds’ to Evade Workplace Controls

Regardless of what protections are in place, however, Dell’s Peterson suggests there may be another potential security problem associated with millennial employees who tend to have a “‘just get the job done’ mentality:

“This presents risk, because people will look for ways around security if they perceive security as a barrier,” he says.

Of course, employees may also look for workarounds simply because they object to having access to their favorite apps or social media restricted while at work. But is it only millennials who are likely to search for ways to circumvent the rules?

Likelihood to Use Security ‘Workarounds’

• Millennials

  

• Gen X

  

• Boomers

  

Perhaps not: 15 percent of millennials say they are “very likely” to find a way around security controls they consider too restrictive, versus 13 percent each of Gen-Xers and boomers. This close correspondence suggests the existence of a defiant personality type in every generation.

The results for “moderately likely” tell a different story. Here, 41 percent of millennials—versus 29 percent of Gen-Xers and 15 percent of boomers—say they are willing to consider finding a workaround. Perhaps facility with technology is the significant factor here: A generation with greater familiarity with these tools is more likely to consider each situation on a case-by-case basis, whereas those without the required skills will not even try.

It is a serious problem, says Paul Caiazzo, chief security architect for risk management and compliance firm TruShield Security Solutions. Caiazzo says that in his experience, “tech-savvy employees” are adept at finding tools to circumvent (for instance) restrictions placed on their social media use. However, he adds that even if a corporation does succeed in blocking all social traffic, it “runs the risk of alienating these young professionals.”

Users may also be sending confidential information outside the network, Caiazzo continues. Here, the “most mature organizations” combat the problem by combining endpoint monitoring with intelligent content-based filtration and alerting businesses when sensitive information goes AWOL, but “this technology must be well-configured and must not be seen as a silver bullet.”

In short, as with all information technology security issues, a business must protect itself through both training andtechnical controls.

Generations Split on Security Education Preferences

Clearly, all demographics are prone to risky behavior, and employees of every age need training. But do different generations have different preferences on how they like to receive it?

Preferred Methods for Receiving Security Training

• Millennials

  

• Gen X

  

• Boomers

  

Here, the greatest differences are between the boomers and the two younger demographics. Boomers still appreciate the traditional lecture-based method, with 44 percent saying that they prefer “in-person talks.” Millennials and Gen X, however, prefer to receive their training online.

Raj Goel, who supplies firms with security training through his company Brainlink, has additional pointers. Older people tend to read, he says, while younger employees prefer videos. Thus, he provides older employees with articles, and shows short YouTube clips when dealing with a younger audience. In addition, Goel says he tailors his case studies and examples so they are relevant to the audience.

For instance, with “college kids and new hires,” he will use illustrations tied to users’ personal lives, focusing on how, following sloppy social media habits, “kids have been kicked out of school, lost jobs, lost dates, been fired, etc.”

For 40-somethings, he will choose such themes as “how to parent in the age of Google” or “how companies have lost hundreds of thousands of dollars through payroll theft.” For those in their 60s or older, meanwhile, he will select themes such as “scams to avoid.”

Conclusions

While millennials demonstrate riskier behavior in some areas, they are not a uniquely dangerous demographic, and all generations pose serious security challenges. Likewise, every demographic has a role to play in reducing risk.

And so, instead of struggling in vain to stamp out millennial habits—and as our survey shows, those of older generations, as well—firms should seek to harness them. They can offer additional tools, such as password managers or two-factor authentication, or provide anti-phishing training, while explaining why these defenses are important.

The security challenges businesses face are growing, and the easier firms make it for their employees to help with that task, the greater the likelihood of success in the fight against cybercrime. Organizations must embrace every tool and approach available to them, partnering with all of their employees in the fight against cybercrime.

Methodology

To find the data in this report, we conducted an online survey of 529 employees of U.S. businesses who used computers in their daily work, filtering the total into demographic subgroups by date of birth. We asked eight questions, and collected 529 responses per question. All survey questionnaires undergo an internal peer review process to ensure clarity in wording.

Learn More about PPIC Software Solutions.

“Time for SMB’s to get the word out!”

– Glenn Baruck, eDot Holdings

The following article written by: Martin Jones, Forbes

Getting the word out about your company is one of the biggest challenges for small business owners today. No matter how great your product is, it can be hard to get noticed when your marketing budget is a fraction of the size of your bigger competitors.

Fortunately, there are a few things you can do to even the score. With websites likeLinkedIn, Facebook, Twitter, Instagram, Periscope, and more being developed each day, it has never been easier to get more bang for your buck and to use social networking to your advantage.

People Give Money to People

It’s an old fundraising adage that people give money to people. This is not to say that a great idea doesn’t help, but at the end of the day the thing that’s going to attract customers to your brand and keep them coming back is a personal connection.

Social networking helps you make a personal connection by allowing you to give your followers access to a behind-the-scenes look at your business. The swanky Providence-based restaurant North’s Twitter feed is a great example of this kind of approach—almost every post has an image of a new menu, fresh ingredients, or a delicious-looking new dish. Including images is a key strategy for increasing intimacy and creating more effective and shareable social media content.

At the same time, customers will often go to your social media pages as their first attempt to reach out for customer service assistance. This gives you an opportunity to make an individual connection, solve the problem, and turn customers into enthusiastic advocates for your business.

Social Networking to Help Each Other Learn

In a small business you often wear many hats. You’re running the day-to-day operations, doing the financials, maybe even designing and updating the website. We’re often in a situation where we need information to troubleshoot a problem, but don’t have an expert on-hand or the resources to hire one.

Social media can help with this kind of situations by providing you with a network of peers to ask questions. It could be that another small business owner you’re connected to ran across the very same problem last year.

A study of small and midsized businesses commissioned by LinkedIn found that about half of businesses surveyed used social media as a learning tool: to discover best practices, learn from experts, and get answers to any questions that have come up while running their business.

Social Networking is Cost Effective

At the end of the day, social networking is a good choice for small business owners because it is cost effective. CIO’s writeup of inexpensive ways to boost impact includes figuring ways to incentivize sharing by offering referral discounts, targeting key influencers with free samples, co-marketing, and listing with Help A Reporter Out to offer media opportunities and get better press coverage.

Social networking is powerful because it is infinitely scalable. With the right approach your message can be shared over and over again. Something like the ALS Ice Bucket Challenge combined several of these approaches, mixing a strong and personalized image (your friend getting a bucket of ice water dumped on them) with an incentive to share it (you challenge your friends to do the same). The campaign has raised over $115 million to date.

Finally, the LinkedIn study found there was a strong correlation between social media spending and small businesses that were experiencing “hyper growth,” meaning they had significant year-to-year increases in revenue. Taken as a group, these businesses have increased their spending for one simple reason: social media networking works for them, and it can work for you too.

Learn more about the eDot Family of Companies.