Millennials and Their Impact on Security

Most graduates coming into the workplace are, like every generation, completely different to those before them. But the more I interact with this new tribe, the more concerned I am for the security of any organization they work for.

While it's brilliant that they are digital natives and as such insanely clever about technology, I've found this to be juxtaposed with a blatant disregard for the security of that technology.

The laptop cafe phenomenon

Perhaps because they've grown up with technology, millennials don't seem to have the same questions, hesitations or indeed fears about technology as my generation did. They expect to be able to bring their own device (BYOD) to work, connect their other personal devices to the corporate network, and see no reason to think twice about connecting to an unsecured WiFi Hotspot in a cafe. This new laptop cafe phenomenon is so prevalent that I feel distinctly out of place in a cafe in London without my laptop now.

Don't take my word for it

A survey by Software Advice last year claimed that millennials were the worst generation for re-using passwords and accepting social media invites from strangers, and were the most likely to find security workarounds. Another survey from Equifax this year claimed that millennials were almost twice as likely to store sensitive data such as PIN numbers and passwords on mobile devices as any other age group surveyed.

The culture of accept

It has also been reported that the majority of millennials download and install mobile apps without reading the terms and conditions before hitting 'accept' - another new phenomenon. When updating the software on your smartphone or downloading new applications, you are prompted to click the 'accept' button rather than the small T&Cs link.

Just last week, I was sent a digital contract to sign and, in the same vein, there was a button at the top of the document that said 'sign' which when clicked, shuffled me right down to the end of the document suggesting I didn't need to read the actual contract. Incidentally, the contract was from a millennial.

Something has to change

My experience with London's new laptop cafe culture and this digital contract is fascinating and terrifying in equal parts. It made me understand that the security risk around millennials is not a problem that can be solved by technology alone - we need to take a step back and re-educate this generation about digital risk and change this culture of 'accept' as quickly as possible.

While the millennials do present a threat, they are also a very engaged workforce - they don't simply want a job, they want the right job, so if they're working for you, and you can secure them, they present a huge opportunity. But how do you secure them?


Ideally, the millennials would have learned these skills during their formal education but the digital landscape has changed so quickly, the responsibility now falls to the organization. An education program is now essential to ensure employees don't present a threat to the organization.  


Formal policies need to be developed around security and clearly communicated to all employees - covering BYOD, remote working, downloading policies etc. - and could even require employees to make their devices available to the IT department for regular reviews. Additionally, the organization needs to ensure employees read the handbook and any contractual obligations around data protection before beginning their employment.


Technology that takes the ownership of trust away from the user while not impinging on the user's experience or privacy can help protect organizations. The ability to deny access to data because of suspicious behavior, or because the data is in transit, also helps maintain control. To stop millennials finding workarounds, the technology must be user-friendly, and the organization needs to consider the privacy of the employees and use technology solutions which separate their data from the corporate data.

The millennial generation will soon be a major part of the workforce, and we live in such a fast-paced world that there isn't much time to adjust. With the increasing number of data breaches and the forthcoming EU GDPR, the millennial threat is amplified and organizations have no choice but to adapt quickly or suffer the consequences, which, when the EU GDPR comes into force, could be up to 4% of global annual turnover for a data breach.
