Digital Natives: How to Avoid Risks with a Changing Workforce

According to a study from Ernst & Young LLP, 83% of US employees understand the significance of cybersecurity protocols for their jobs. However, Gen Z and millennials – the digital natives who comprise a significant portion of the workforce – are less likely to prioritize and adhere to these protocols.

For most digital native companies, the most likely response would be role- and risk-based education. Such an education helps improve safety practices – such as using strong passwords, keeping security software up-to-date, and identifying phishing attempts. However, this is not enough, at least not anymore.

How does this affect digitally native businesses in this era of strict regulations and high-security risks? Is there a way to establish cybersecurity and compliance protocols that even Gen Z and millennials can’t deny?

The Consequences of Skirting the Rules

Millennials (born during 1981-1996) and Generation Z (born in 1997-2012) are two of the more prominent generations in business today. Research demonstrates that this group of digital natives makes up most of our workforce.

The problem? They are more relaxed regarding cybersecurity on workplace devices. As the Ernst and Young report revealed:

“Roughly half of Gen Z (48%) and about one-third of millennial employees (39%) admit to taking cybersecurity protection on their personal devices more seriously than on their work devices, potentially putting companies at risk.”

This “skirting” of security protocol has opened gaps in various systems that social engineers and threat actors are exploiting. Two out of three data breach incidents are caused by negligence, and in the past two years, it has cost businesses up to $15.38 million per incident.

Advanced tactics, techniques, and procedures (TTPs) demonstrate lateral movement across the enterprise and personal communication channels. Moreover, these advanced persistent threats (APTs) actively look for any vulnerabilities, including humans. As SafeGuard Cyber CEO Christopher Lehman puts it:

“We know that human beings are always the most vulnerable element of any cybersecurity strategy. No matter how much training we do, no matter how much awareness is created, human beings are somewhat naive, and the human eye can’t detect a lot of the more sophisticated attacks that they face on a day-to-day basis.”

How Digital Natives Shape the Business of Today

Gone are the days when enterprises provided employees with company-approved devices and machines. Now, most employees, even executives, communicate, collaborate, and work from their devices through cloud apps like Slack, Microsoft Teams, or Zoom. The line that separates personal from business devices has all but disappeared.

Digital native companies, as a response, continue to invest in ways to embed cybersecurity in every business unit. But the problem remains: digital natives are still not open to completely following protocol for various reasons.

1. The security protocol slows task and operation progress with long, tedious authentication processes.
2. It hinders productivity by restricting access to documents and data that a team/individual might need to complete a task.
3. Constant monitoring induces anxiety and raises stress levels because of the feeling of “being watched.”
4. Privacy seems moot when your security solution flags every message on your platform and sends them to an IT security personnel for evaluation.

These are just some reasons we’ve gathered from digital natives across various industries. If an employee feels like their security and compliance solution is curtailing their freedom to communicate, chances are they’ll find a way to circumvent the protocol.

This loops back to what we underlined in the beginning: traditional role- and risk-based education is not enough anymore. Companies need holistic protocols and solutions that leverage advanced technologies to combat risks and address the demands of a changing workforce.

Digitally native businesses must:

1. Provide Unified Visibility across the organization’s communication channels. This way, SOC analysts are not “stuck in swivel chair mode,” or constantly chasing threats across the company’s communication channels.
2. Deploy a solution capable of Cross-Channel Event Correlation. Security teams will then understand the relations between each communication platform and the risks that come with them. This results in a reduced MTTD – from days and weeks to mere minutes.
3. Find a cybersecurity platform that utilizes agentless architecture. This portable security layer should also be able to extend to any instance for a no-hassle, agentless onboarding.
4. Use machine learning and Natural Language Understanding (NLU) to analyze communications contextually. Such a system should be able to flag disclosed sensitive information and automatically alert security operations to protect against further unauthorized use and transmission of confidential information.
5. Above all else, the platform should be non-intrusive and private. It should run in the background of the entire tech stack, scanning messages without divulging sensitive conversations and only flagging communications that directly violate set rules and parameters.

Unified visibility, contextual analysis, and, most importantly, understanding cross-channel event detection and correlation can dramatically improve MTTD and MTTR. With the right solution combining these qualities, Gen Z and millennials can remain work-productive while following data security protocols.

If you are interested in learning more about the SafeGuard Cyber solution, you can take a quick 5-minute tour.