Study: Younger Employees Lax About IT Policies

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.,

Researchers from Cisco have found that younger professionals are easy-going about breaking security policies at work

Younger employees tend to have lax attitudes about computer security and are more likely to ignore IT policies, according to a recent Cisco report.

About 61 percent of young employees surveyed by Cisco researchers feel corporate IT security isn’t their responsibility and should be handled by their employer or the device manufacturer, the researchers wrote in the third installation of Cisco’s “Connected World Technology” report released on 14 December.

“Young employees” in this report included 1,400 college students between the ages of 18 and 23 and 1,400 professionals under the age of 30.

‘Outdated’

Seven out of 10 young employees also frequently ignore IT policies and 67 percent feel the IT policies on social media and device usage are outdated and need to be modified to “address real-life demands for more work flexibility”, according to Cisco.

The younger workforce has “different” expectations of what should be allowed at work, and over time these policies and restrictions may become a deciding factor in where they choose to work, Scott Olechowski, threat research manager at Cisco, told reporters at a press event announcing the report.

“The desire for on-demand access to information is so ingrained in the incoming generation of employees that many young professionals take extreme measures to access the Internet, even if it compromises their company or their own security,” the report said.

One-third of the respondents don’t believe they are doing anything wrong. Meanwhile, 18 percent said they don’t have time to think about policies when working, and 16 percent said the policies are not convenient. About 22 percent said they need access to unauthorised programs and applications to get their jobs done, and 19 percent said the policies aren’t being enforced.

These students and professionals are looking for more open access to information and social media, according to John Stewart, chief security officer of Cisco. IT and security policies must adapt to enable mobility and productivity while still managing risk, he said.

“Done well, security enables mobility and social media access to provide the necessary productivity boost,” Stewart said.

Identity theft risk

One out of three students said they do not think about privacy and don’t mind sharing personal data online, the report found. The casual attitude toward security may have something to do with the fact that nearly 25 percent said they had been a victim of identity theft before the age of 30, speculated the researchers.

More than half of the young professionals have allowed others to use their computers without their supervision, and 86 percent of college students have done the same. About 9 percent of the respondents admitted to having asked to use a stranger’s mobile device, and 19 percent admitted to using free wireless hotspots to surf online.

“Someone could be doing something nefarious on that machine, unsupervised,” Olechowski said.

Of the most commonly restricted devices and applications, 37 percent reported IT policies that prohibit online gaming, 15 percent named iPods, and 10 percent named the use of iPads and other tablets. About 31 percent claimed social networking sites such as Facebook, Twitter and YouTube are prohibited.

These users were “weaned” on computers and regard social media as a “necessary extension” of their lives, Mary Ladesman, senior security researcher at Cisco, said at the same press event.