People from different generations tend to approach cybersecurity differently. Organizations should tailor their security programs and phishing tests with this in mind. According to Azeem Aleem, vice president cybersecurity consulting at NTT Ltd. In an article for Verdict, Aleem cited a recent study by NTT which found that employees over the age of thirty are actually more likely to follow cybersecurity best practices than their younger counterparts. This may be due to the fact that they have more experience with different types of technology over the years.
Employees younger than thirty tend to expect technology to be fast and convenient in a way that supports their work, and they often view security protocols as an inhibitor to productivity. Aleem says organizations should take advantage of younger employees’ desire for increased efficiency.
“In order to ensure that the fantastic creativity and energy of younger workers is harnessed security practitioners need to rethink the way policies operate and create more innovative ways to improve the fit between security and the tasks employees are required to undertake are part of their core work” Aleem writes. “For younger workers that means policies that help them achieve their tasks rather than block them.”
Accordingly, Aleem says an organization’s security posture should be tailored to maximize both productivity and security by addressing employees at their own level.
“It’s clear that different generations use technology in very different ways so it’s down to business leaders to develop strong cybersecurity practices for all generations within the business that enable rather than put up barriers,” Aleem writes. “Security leaders need to be more approachable and talk the language of business, not IT. Education is integral to changing cybersecurity behaviour, so make the learning process engaging and relevant to all generations in the workforce.”
Employees of all ages have strengths and weaknesses when it comes to cybersecurity, and an effective security training program will be structured around this dynamic. That doesn’t mean “OK Boomer,” or “Toughen up, [Millenial] Snowflake.” It does mean knowing your employees and setting them up for success. New-school security awareness training can provide your organization with education tailored to each employee’s needs.
Verdict has the story: https://www.verdict.co.uk/generations-cybersecurity/