Fountain of youth: Digital natives and security
Fountain of youth: Digital natives and security

Tech-savvy Generation Y workers can be an advantage in the enterprise, says James Beeson, CISO at GE Capital Americas. Marcos Colón reports.

Last year, when James Beeson's son was at Texas Tech University, studying to become an engineer, he came across a calculus problem that had him stumped. So, the 20-year-old did the only obvious thing a shrewd college kid would do: He asked his family and friends for help – without exerting too much effort. 

So rather than going through the manually intensive process of reaching out to each person one by one, he took a high-resolution picture of his laptop screen, and sent the photo in a group text message to everyone. 

Beeson was impressed by his son's ingenuity and efficiency. But the CISO and IT risk leader at GE Capital Americas since 1997, a commercial financing and leasing provider, also knew it underscored how a younger generation of users thinks and operates, the type of mindset that could introduce security risks to employers.

“I think they're so used to sharing and so used to having a much more open environment, that they're used to going wherever they need to get things done, without necessarily thinking about the ramifications of the data they may be creating,” Beeson says.

With nearly 15,000 endpoints, many of them bring-your-own-devices (BYOD), deployed in GE Capital Americas, Beeson deals with many employees who resemble his son in terms of IT practices.  Whichever way you like to refer to them – digital natives, millennials, Generation Y – there has been a steady influx of young, tech-savvy individuals entering the workforce. And because text messaging and web surfing is all they've ever known, their inclination to adhere to an organization's security policies and guidelines may not be as firm as their predecessors.

“I don't see [the way they act] as a problem,” Beeson (left) says. “I see it as a great way to solve problems collaboratively and quickly. What I do see, though, is that we're not ready for it from an information security and data protection perspective.”

But thanks to his children, Beeson has been out in front of this new challenge, implementing forward-thinking security awareness training, acceptable-use policies and technology controls to help manage younger workers' tendencies and their toys.  “I've watched the way they have been brought up and have used technology and I've seen the shift,” Beeson says of his children. “I've also seen it at work with the younger generation that comes into the workforce.”

The challenge facing Beeson and many other security professionals was validated by Cisco's recently finished “Connected World Technology Report,” whose respondents ranged from college students to young employees, ages 18 to 30, and IT professionals in 18 countries, including the United States. The data concluded that Gen Y tends to not be as compliant with security guidelines.

Seven of 10 employees admitted to knowingly breaking IT policies on a regular basis, and three out of five believed they were not responsible for protecting corporate information or devices from potential threats. And most worrisome of all, according to the findings, these respondents may be fully aware that they're breaking the rules, but they do it anyway.