Baby boomers’ grandchildren are now the majority in the work force. The generational change could impact your security.


Work hard, conform, don’t rock the boat. That’s what many Generation Xers—born between 1965 and 1980—recall from their first years in the work force. 

“I remember starting my career 17 years ago in compliance type of work, assurance work, with a Big Four consulting firm, and thinking I needed to put in my time, keep my head down, work long and late hours to get ahead,” said Michael Colao, now on the data privacy team at Arizona Public Service.

But a new generation is moving to desks at companies across the country. And now that Millennials—born after 1980—are the majority, the work-hard-and-conform mentality is no longer the norm.

“That’s definitely changed. Millennials don’t think that way,” Colao said. “They’re a unique snowflake and want to be treated like a unique snowflake.”

In the world of security, however, the “unique snowflakes” could do more than just annoy other generations at work. Some worry that they could undermine the work structures protecting computer networks, as well as disregard policies designed to keep businesses, factories and homes secure.

“By 2025, 75 percent of the work force is going to be that guy,” said Andrew Plato of Anitian Enterprise Security, pointing to a picture of a slouching young hipster with rakish hair and a trendy beard. “Like it or not, Millennials are taking over your work force.”

Insider threat?

A new attitude from a new generation could affect security, Plato explained at the EnergySec cybersecurity conference in Anaheim last month. 

Take, for example, security policies written in a traditional way.

“What Millennials are saying is, ‘Don’t care, not going to read it.’ If they’re not reading it, they’re not following it,” Plato said. “If they’re not following it, they’ve become an insider threat.”

Just telling them not to download something might not work, he said.

“‘Don’t care, I’m downloading it. That’s the way it is,’” he said a Millennial might respond. “‘Don’t care, can’t care.’”

And if you tell them they can’t use social media at work, most will just go somewhere else, according to Plato.

“He doesn’t care. He’s not going to work for you,” Plato said. “He’s not going to take the job.”



Most Millennials will not take a job where they can’t use social media, according to Andrew Plato of Anitian.


Survival guide

Plato, himself a member of Generation X, recommended that organizations make changes to bring generations together.

Baby boomers want respect, and Generation Xers want freedom, according to Plato. What do Millennials want?

“Authenticity,” he said.

“It isn’t about being entitled. It’s about authenticity. They want an authentic work experience. They want authentic leaders. They want authentic policies,” he added. “If you want to engage them, you have to build an authentic work place and an authentic security program.”


How can you make it authentic for Millennials?

Plato suggested writing policies in the second person, using the word “you” instead of the third person, so they have more impact on the people reading them.

“It’s always about someone else,” he said. “Write in the second person and you’ll make it personal.”

“You have to tie it to something that’s important to them. Part of that is making it personal, something that they can tie to themselves.”

Also, explain what you want and why, rather than just saying, “Do this or else.”

“One of the clear things we hear from Millennials over and over again—‘Don’t just tell me what to do, tell me why,’” Plato said. “They’re not going to believe in things just because you said so.”



Make policies understandable and personal, Plato recommends, or Millennials won’t read them.


Social circle

Make it social, Plato said, as the Millennials’ social circle is important to them.

“You don’t tell them what to do, you ask them what your friends would do,” Plato said. “‘What would the rest of the company think if you downloaded porn all day?’”

When it comes to enforcing rules, you can make it a group action.

“If you walk into a room and say, ‘What do you think about this?’ and have them enforce this, you’re going to have a lot more weight,” he said.

Why change, instead of holding on to work values from the past?

“People are the core of your security program. Not firewalls, not regulations, not switches. People,” he said. “The most pervasive threat you have in your organization is people, and that work force is dramatically changing.”

Toe the line?

For some, the generational shift is positive.

“The creativity, the independence, the free-thinking and wanting to make a difference as soon as they’ve entered the work force,” said Colao. “Where my generation kind of came in and felt, ‘Oh, we’ve got to conform and toe the company line.’”

Colao said Millennials coming in to security work are bringing new ideas.

“A lot of energy in the training and awareness space, which is huge, whether it’s training and awareness in compliance, information security, or even in my field, data privacy,” he said.

“I think it’s been great,” Colao added. “It’s been constructive, it’s allowed us to think differently, allowed us to work with all levels of our organization in harnessing that new energy. So, I love it.”

“Much more effective”

Michael Firstenberg with Waterfall Security also sees positive change from the first years of his career in the 1990s.

“When I started working in the industrial space, I arrived at my desk and there was a big stack of work orders to be done. And that’s the way it was done,” he said. “It was very task-oriented, as opposed to today’s mission-oriented goal strategy. We see it becoming much more effective long-term for company growth.”

Millennials are also highly collaborative, according to Firstenberg.

“I find that to be a strong positive in a lot of the plants that I visit, simply because working together just gets the mission done,” he said.

“Savagely saucie”

It is a tradition for generations to bemoan the next as dissolute—lacking in morals, and unrestrained.

“Youth were never more sawcie, yea never more savagely saucie… the ancient are scorned, the honourable are contemned, the magistrate is not dreaded,” wrote Thomas Barnes in 1624.

And it’s a tradition for the next generation to decry their elders as ineffectual.

“Every generation sees the generation after as awful and stupid, and every generation sees the generation before it as lazy and stupid,” said Plato.

But you may want to replace indignation and anger with acceptance and flexibility. Close the generation gap—if nothing else, for security’s sake.

“All of us are getting attacked,” he said. “It’s expensive. It costs a lot of money to have a breach.”

“Firewalls don’t just wake up in the morning and say, ‘I think I’m going to let all the traffic in,’” Plato said. “Every breach that we have starts and ends with people.”

Not every member of every generation fits the stereotype assigned to them, but there may be general strategies that can bring generations together—before a data breach or successful online attack.