The kids are not alright: How some Millennials and Gen Zers are cybersecurity liabilities

At the onset of the pandemic, while many people were beginning to work from home, we conducted a survey to learn about remote work and employee behavior. After surveying 1,500 employees between March and June 2020, a few things became abundantly clear.

Firstly, as one might expect, employee behavior differs drastically along generational lines. All other things being equal, younger employees enjoy working from home more than older folks. Asked whether they would be open to working remotely beyond the pandemic, nearly half (47%) of Millennials aged 25-34 answered, "Yes, I enjoy it." Conversely, older employees were less excited by the prospect; in fact, only 13% of those 65 and older wanted to continue working remotely in the future.

Secondly, and this was slightly counterintuitive, younger employees experienced more technology-related issues while working from home. When asked to report how many technology issues they faced, a staggering amount of Gen Zers (38%) and Millennials (23%) said they had four or more issues, on average, every week.

This came as a bit of a surprise to us, as the generally accepted stereotype is that younger generations are more tech savvy; however, the results speak for themselves. Only 12% of employees aged 45-54; 4% of 55-64 year olds, and 13% of the 65+ crowd reported having four or more issues per week.

Once we started to inquire about the nature of these technology-related issues, the plot began to thicken. Asked to choose the technical difficulty they faced the most while working from home, roughly a fourth of all Millennials (24%) and Gen Zers (28%) said that issues with passwords — resetting them and getting locked out of apps — were the most troublesome. Contrarily, not a single employee over 65 and only 6% of 55-64 year olds listed password lock-outs as a serious issue.

However, it was not until we asked about cybersecurity issues and internet browsing habits that things took an ominous turn.

To begin with, younger employees are far more reckless in their browsing behavior.

The vast majority of Millennials (70%) and GenZers (65%) asserted that they would still visit a website after receiving an alert from the web browser that the site was insecure. On the one hand, older Millennials — and younger members of Gen X — were the worst offenders; a whopping 77% of those aged 35-44 said they would bypass the browser warnings and continue on to these insecure sites. On the other hand, older employees were far more responsible, as the majority of Boomers — 62% of 55-64 year olds and 78% of those over 65 — said they would not continue on to these insecure sites.

In a similar vein, respondents were asked if they would visit their favorite website after learning that it had been hacked and their consumer information had been stolen. Again, Millennials and Gen Zers engaged in the riskiest behavior. The majority (59%) of older Millennials; roughly half (47%) of younger Millennials, and a quarter (27%) of GenZers were willing to revisit these potentially compromised websites. Older employees were far less likely to do so.

Lastly, we were surprised to learn that Millennials had the worst understanding of tracking mechanisms. In fact, 31% of 18-24 year olds — by far the highest percentage of any demographic — said they did not know what the phrase "accept cookies" meant.

So, to recap: Despite their preference for remote work, Millennials and Gen Zers experience more technological issues, struggle more with password management, and are far more reckless in their online activity than older demographics. Not only do these younger employees create more work for IT teams and service desk personnel, but they also pose as significant cybersecurity liabilities for corporations.

If these Millennials and Gen Zers ignore browser warnings and are generally unfazed by having their personal data compromised, it stands to reason that they are much more likely to put sensitive corporate data at risk. Additionally, working from home exacerbates the issue, as employees face less supervision and are more likely to use personal devices to access corporate information.

In all likelihood, many of these issues can be resolved through increased cybersecurity education and training. Nevertheless, the data speaks volumes; it might be time to get some of these younger employees back into the office.

John Donegan is an enterprise analyst at ManageEngine.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.