by Todd Thibodeaux

Cybersecurity training for a multigenerational workforce

Mar 09, 2016
IT SkillsSecurity

Each generation brings their own unique set of expectations, needs and habits to an organization. As a result, a one size fits all training strategy does not suffice, especially when it comes to cybersecurity.

classroom training
Credit: Thinkstock

In late 2015, Iranian hackers made headlines for stealing U.S. State Department data via a phishing scheme targeting individual government workers. It was a stark reminder that employees are often the most vulnerable link in an organizational network. 

Cybercriminals capitalize on a lack of cyber awareness. According to CompTIA’s “Trends in IT Security” study, 52 percent of security breaches result from human error. It’s easy to see why hackers would target end users. For this reason, employers need to offer cybersecurity education and training for all staff. But employee cybersecurity training is complicated by a central fact: Today’s typical workplace includes three distinct generations. And much has been made about how baby boomers, Gen Xers, and millennials learn differently.

However, in terms of proper cybersecurity behavior, all generations could use training. While different online behaviors may be employed by one generation compared to another, all have a need for security improvement. An accepted stereotype might be that the digital generation is more cyber-savvy than their older counterparts, but we have found that not to be the case. That is why we believe all members of the workforce – whether they trend younger or older – should receive practical training on how to be cyber aware.

Generational cyber similarities

Boomers, Xers and millennials might approach tech differently, but when it comes to cybersecurity, all three generations share the same bad habits. These include:

  • Using public WiFi for work: The unsecure nature of public WiFi can instantly put user data at risk. Yet, according to a study commissioned by CompTIA, Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace, 94 percent of employees still use public WiFi on their laptops or mobile devices, and 69 percent of this group has accessed work data from an unprotected connection. 
  • Bad password habits: When you practice poor password hygiene, you make a hacker’s job easy – and that’s exactly what employees are doing. As the survey found, there’s a trend of employees using the same login credentials across different accounts. Additionally, 37 percent of employees only refresh their work passwords yearly, if not less frequently. 
  • Lack of authentication awareness: Two-factor authentication (2FA) provides an additional identity-vetting wall required for account access (such as a verification code sent to your phone). It’s a vital tool, particularly in a world where the most popular passwords are “123456” and “password,” but 41 percent of employees aren’t even familiar with 2FA, and fewer than half choose to use it voluntarily.    

Developing inclusive cybersecurity training

While generational differences do exist in terms of how employees view and use technology, good cybersecurity training will benefit all employees in the office. Companies should focus on an inclusive set of training standards that account for each learner’s preferences. When deploying cross-organizational cybersecurity training, companies need to focus on offering:

  • More frequent training: Currently, 45 percent of employees don’t receive any cybersecurity training.That’s a problem, since one thing employees across generations largely agree on is that training is vital to keeping pace with technology. Of the employees who participated in any type of training in the past year, only 40 percent said it was technology-related. Similar to regulated compliance training, organizations need to provide periodic and regular training sessions and refreshers to ensure employees’ skills and understanding evolves alongside the tools they use in today’s landscape of cybersecurity threats. 
  • Dedicated training time: Cybersecurity training shouldn’t interfere with existing work tasks or demand outside time from employees. Instead, companies should carve out time during the workday so workers don’t feel their cybersecurity training is costing them productivity or personal work-balance. 
  • An emphasis on e-learning: To be inclusive, companies need to settle on a methodology that engages all types of learners. While stereotypically associated with millennials, digital training platforms offer a degree of flexibility and autonomy that all generations value.

Because employees are the first target for hackers, cybersecurity education should be the first priority for employers. With inclusive employee training, companies can bring the generations together to instill a common set of cyber values in the workplace.