Network security in era of millennials
ONE of the toughest gigs in IT is the job of keeping an organization’s network safe. It is also one that is getting tougher with the rise of the millennial generation.
Millennials—those in their 20s to mid-30s—are starting to dominate workplaces around the world. More than one-in-three workers in the US are millennials, a 2015 study by Pew Research Center found. And this demographic group will account for half of the global workforce by 2020, according to PwC.
The term “millennial” has many connotations. Among them: They like sharing on social media. They won’t put up with bad user experiences. They want a flexible approach to work. They move on quickly if their expectations are not being met. These characteristics will define the culture of the future workplace. They will also put the current network security regimes of many organizations to a stern test.
Here are some considerations.
1. Social media
To block or not to block? Many organizations have probably considered this question when it comes to their employees’ use of social media in the workplace.
A study by HR software provider CareerBuilder, which polled employers from North America, found that 37% of employers see social media as one of the major productivity killers at the workplace, behind mobile phone and texting (55%), using the Internet (41%), and gossiping (39%). Three in four employers say two or more hours are lost a day in terms of productivity because employees are distracted.
From a network security perspective, social media is a vector for malware and socially engineered attacks. It is easy to ban or restrict social media sites at the network level. Static URL filters in Web filtering software can block or monitor specific URLs. The category-filtering feature can block entire groups of websites.
But that doesn’t mean CIOs should start blocking social networks at the workplace.
A better approach is to relook at how network security is being enforced holistically. Having a clear social media policy and training for staff is a good start.
2. Know thy security layers
Layered security, whereby different layers of security controls combine to protect data, devices, and people, is widely adopted today. It ensures that when attacks occur at different sources, whether at the network, application, device, or user level, they can be detected and stopped before they spread. It also offers an effective safeguard against different types of threats.
With the changing workplace habits brought on by millennial workers, CIOs should relook at how they are setting up each layer of protection.
3. Tackle shadow IT
Shadow IT is a term used to describe the use of applications and services, often cloud based, not sanctioned by the organization. Its uncontrolled nature poses a security threat and governance challenge.
Consider the scenario of employees using their smartphone to open a file. It is likely the phone will make a copy of the file, which could then be sent to an unapproved online storage destination when the phone performs its routine automatic backup. Just like that, your secure corporate data has been moved to an insecure location.
In the same way, the many social collaboration apps favored by millennials can shift sensitive company information to insecure locations.
Mandating that staff stop using non-sanctioned devices and applications is unlikely to stop their growth in the organization. Frankly, with the ubiquity of smartphones, employees are using social networks and their personal cloud apps whether your policies prevent it or not.
What could be more effective is to educate users, as well as implement technology—such as data encryption, access control, and traffic monitoring—to manage the issue.
From a larger perspective, shadow IT happens when your staff is not happy with the solutions provided by the organization. While CIOs may not be able to prevent staff from seeking out alternative apps for, say, collaboration, they can keep things in check by being attuned to their needs.