Cybersecurity and Your Employee Risk

Small businesses need to know which employees might place their business in

cybersecurity risk

By Carolyn Schrader

By now, almost every savvy business leader knows that every business has cybersecurity risks. Some of that risk

may be impacted by the age of the business’ workforce. A recent study, sponsored by Citrix, identified some

interesting trends. Citrix, a software company, sponsored The Need for a New IT Security Architecture: Global

Study on Compliance Challenges & Security Effectiveness in the Workplace study by Ponemon Institute. One key

area the study identified is how age groups might impact cybersecurity risks for a business.

The study identified that overall, the millennials are most likely to put a company at cybersecurity risk.

 Millennials: 18-34 years old (55%)

 Gen X: 35-50 years old (25%)

 Baby boomers: 51-69 years old (20%)

The details of the study show that different age groups might be impacting cyber risk in different ways.

Millennials are:

 More likely to use unapproved apps and devices in the workplace (39%)

 Somewhat apt to be negligent or careless in following the organization’s security policies (26%)

 Not very susceptible to phishing & social engineering scams (15%)

 Not apt to lack knowledge about how to protect sensitive and confidential information (15%)

Gen X are:

 Apt to use unapproved apps and devices in the workplace (32%)

 Apt to be negligent or careless in following the organization’s security policies (30%)

 Somewhat apt to lack knowledge about how to protect sensitive and confidential information (17%)

 Less likely to be susceptible to phishing & social engineering scams (14%)

Baby boomers are:

 More than twice as likely to be susceptible to phishing & social engineering scams (33%)

 Twice as likely to lack knowledge about how to protect sensitive and confidential information (30%)

 Half as likely to use unapproved apps and devices in the workplace (16%)

 Less likely to be negligent or careless in following the organization’s security policies (16%)

What your business can do

Businesses should consider the ages of its workforce by the 3 key groups. In addition to standard cybersecurity

training, special emphasis should be placed on the areas where increased vulnerability may occur. For example, if

you have a significant number of baby boomers, increase the number of examples and impacts of phishing scams

in your training. If you have a significant number of Gen X or millennials, talk to them about the impact of

unapproved apps and devices in the workplace. Show them how it can damage the company and how it can

negatively impact them as employees.