Of all the tough gigs that IT get tasked with, keeping an organisation’s network safe and secure is near the top of the list. And it’s getting higher as hacking incidents dominate the news agenda and cyber security becomes very much embedded in the public consciousness.
It’s a job that’s only going to get tougher; one big reason being the rise of millennials in the workplace.
Millennials – those in their 20s to mid-30s – are starting to dominate workplaces around the world. It’s a demographic group that will account for half of the global workforce by 2020, according to PwC.
The term “millennial” has many connotations. Among them: they like sharing on social media. They won’t put up with bad user experiences. They want a flexible approach to work. Their loyalty to their company can plummet at the drop of a hat if their expectations are not being met.
These characteristics will define the culture of the future workplace. They will also put the current network security regimes of many organisations to a stern test.
Here are three considerations for IT to take into account:
Social media: to block or not to block?
Many organisations have probably considered this question when it comes to their employees’ use of social media in the workplace.
A study by HR software provider CareerBuilder found that 37% of employers see social media as one of the major productivity killers at the workplace, behind mobile phone and texting (55%), using the Internet (41%), and gossiping (39%).
Three-quarters of employers say two or more hours are lost a day in terms of productivity because employees are distracted.
From a network security perspective, social media is a vector for malware and socially engineered attacks. There are many links that, while shared innocently, end up bringing users to compromised websites. And even if employees use social channels in a professional way, their friends and contacts are under no such obligation.
It is easy to ban or restrict social media sites at the network level. Static URL filters in Web filtering software can block or monitor specific URLs.
The category-filtering feature can block entire groups of websites. But that doesn’t mean CIOs should start blocking social networks at the workplace.
An alternative, and better, approach is to reexamine how network security is being enforced holistically across the business. Having a clear social media policy and training for staff is a solid foundation.
For instance, sales staff should be regularly reminded of the security and business risks that might result from checking in their locations at customer sites via social channels like Facebook.
The most important safeguard, though, is to have a robust, layered security infrastructure. It is a surer bet than having to rely on employees never erring in their clicks, taps, and swipes with their social media accounts.
Security: know thy layers
With the changing workplace habits brought on by millennial workers, CIOs should take a fresh look at how they are setting up each layer of security within the business.
Layered security, whereby different layers of security controls combine to protect data, devices, and people, ensures that when attacks occur they can be detected and stopped before they spread, whether at the network, application, device, or user level. It also offers an effective safeguard against different types of threats.
Consider, for instance, the use of personal devices in the workplace. According to a McKinsey & Company study, around 80% of enterprises now allow employees to use personal devices to connect to corporate networks. And increasingly, employees expect their IT departments to support their personal devices with access to corporate applications like email and calendar.
It’s no secret that BYOD poses a number of new security threats.
What BYOD does mean is that CIOs should prioritise bolstering security at the device layer. The first step to take is to shore up the devices themselves through mandating some combination of firewalls, anti-malware software, MDM (mobile device management) solutions, and regular patching.
A BYOD culture also puts organisations at risk from having their employees’ smart devices hacked because of poor passwords. Policies and education on strong passwords are absolutely essential.
Device types can also be identified so that less secure devices, such as mobile phones, can be restricted from some parts of the network. Sessions should also be secured, such as by preventing users from visiting unsafe websites.
Similarly, defences of the user layer should also be shored up to mitigate the rising risks of internal threats. This layer is often the trickiest to manage due to the need to balance security and convenience.
You can also use a variety of authentication methods to identify network users and allow varying levels of access. Instilling awareness and educating staff are important steps to take.
Tackle shadow IT
The uncontrolled nature of shadow IT poses a major security threat and governance challenge.
Consider the scenario of employees using their smartphone to open a file. It is likely the phone will make a copy of the file, which could then be sent to an unapproved online storage destination when the phone performs its routine automatic backup. Just like that, secure corporate data has been moved to an insecure location.
In the same way, the many social collaboration apps favoured by millennials can shift sensitive company information to insecure locations.
Unfortunately, mandating that staff stop using non-sanctioned devices and applications is unlikely to stunt their growth in an organisation.
Frankly, with the ubiquity of smartphones, employees are going to use social networks and their personal cloud apps whether your policies prevent it or not.
What could be more effective is to educate users, as well as implement technology – such as data encryption, access control, and traffic monitoring – to manage the issue.
Most of the time, shadow IT reveals a wider issue within your organisation. It usually happens when staff are not happy with the solutions provided by the business.
While CIOs may not be able to prevent staff from seeking out alternative apps for, say, collaboration, they can keep things in check by being attuned to their needs.
Sourced by Mark Weir, regional director – UK & Ireland, Fortinet