Young Employees Pose Increasing Risk to Networks

buzzardsbay writes "Baseline is reporting on an upcoming survey from Symantec and Applied Research-West that confirms many suspicions about the generation gap in the workplace, namely that younger workers will use your corporate network to run most any device, technology or social networking software they can get their hands on. Dubbed "Millenials," these workers born after 1980 are nearly twice as likely to use cell phones and PDAs at work, and half admit to installing unauthorized software on their employer's computers. On the upside, the Millenials are more security aware than their older co-workers."

they need to protect their networks

isn't it the company's responsibility to control their network?

Re:they need to protect their networks

Having a company adequately secure their network would cut into symantec's bottom line, so, from their perspective, no.

Re:they need to protect their networks

isn't it the company's responsibility to control their network?

It's also about educating the employees more than anything IT can do to protect the network. If I can call one of your employees and pretend to be the remote helpdesk, and say that I need your password so I can install some software on your computer, and they give me the password, I am in your network.

It's called social engineering, and if you are good at it, you can get past ANY network or software based systems.

Re:they need to protect their networks

And that's a great idea, until you end up with a piece of required software that refuses to run without local admin privileges on the computer...

What about the other half?

half admit to installing unauthorized software

I assume the other half:
- Do it but don't admit it
- Or don't it but are way less productive than their peers

I don't know how it is for the rest of the slashdot crowd but almost everywhere I've worked it's impossible to be (decently) productive using only authorized software.

The sad thing is not a matter of cost, but a matter of paperwork. Something as basic as winrar (no, let's not go into why would I want to use winanything) is impossible to get by the official channels.

Re:What about the other half?

Interesting how you say that "installing unauthorized software" = "more productive"

I'm willing to bet that the vast majority of "unauthorized software" are things like chat clients, media players, RSS/Weather update notifiers, games and software for personal devices (iTunes etc).
=Smidge=

Re:What about the other half?

Firefox, SSH, VNC, .... Not to mention that a lot of tech support happens over IRC and IM.

Re:What about the other half?

"They always think they know better, they have a massive attitude, and a huge superiority complex."

They?

Re:What about the other half?

If you can prove to me you know your shit, I'll give you some leeway, but that leeway is probably just having your box dumped out into the DMZ, and you screw it up, you fix it.

Yeah, way to go. Great idea. So when your "clueless user's" box in the DMZ is pwned and your boss' boss' boss and the company lawyers are wondering how the competition knows the quarter's sales number before they're announced, you can complain about how stupid the user was for not being able to secure the box that you put out in the DMZ.

Good luck with your job.

Re:What about the other half?

You know, they were pretty darn accurate.

At my work, the things I install "unauthorized" for myself and my coworkers which are 100% productivity:

Firefox
Phrase Express (text macro program)
Stardock
Microsoft Powertools/toys (the one that gives you a screenshot of each app when you alt+tab).

None are "approved" but all the techs approve of it, because they know better.

None of them use any of what you mentioned. No RSS readers, no games, no funky screensavers, no weather spyware shit. Work is laid back enough to not care (many people just browse the web all day, I mean cmon I'm replying on slashdot), but most people don't push the slacking that far. Also, we're an enormous multibillion $ nonprofit corporation and what I am telling you is like...hmm, well its a worldwide company with thousands of employees. I've talked to the CEO and even he has admitted to having a preference for firefox over IE for example, even though the CIO hasn't officially or formally approved it.

I don't mean it to be ad hominem on this, but I will say you are making a pretty general bias here that is pretty generally not accurate.

Re:What about the other half?

"installing unauthorized software" = "more productive"

False dichotomy.

Where I work, the company standard IDEs for web development are Dreamweaver or Eclipse. Both are completely unacceptable. Yet, a F/OSS text editor like jEdit is nonstandard but allows me to be much more productive. Why? Because it allows me to work quickly. I have all of the powerful text editing tools of an IDE without the extreme overhead.

Also, as someone else replied, Firefox and certain plugins like Firebug and the Tidy validator are critical. I am a web developer, you see, and IE's ultracrappy javascript debugging capabilities are not even worth considering (even with the insanely useless MSFT Dev Toolbar installed). Profiling AJAX calls, or ANY HTTP request, is impossible without a tool like Firebug. And they are all nonstandard, but without them it would be more time consuming if not practically impossible for me to debug or optimize web pages.

I am not trying to install iTunes or GAIM or games. Stupid people install that stuff at work. I just want to use tools that will allow me to get the job done. The web and its technologies are rapidly changing. Company Standard Software committees do not seem to be able to keep up, at least where I work. So, you can either 1) fight the establishment and risk looking like an "OSS hippie troublemaker" and still never get what you need, 2) work with approved but ineffective and usually expensive tools, or 3) just install what you need and produce good work. Within reason, I go with option number 3.

So...unauthorized software isn't always better; authorized software isn't always better.

Re:What about the other half?

I assume the other half:
- Do it but don't admit it
- Or don't it but are way less productive than their peers

I don't know how it is for the rest of the slashdot crowd but almost everywhere I've worked it's impossible to be (decently) productive using only authorized software.

Quite. I remember being employed to do software development when there were no programming languages included in the approved software, because the people who drew up the approved software list had never bothered to ask the business areas what they did with their computers. I never did get any languages approved, but I did get them to lift my authorisation level so I could run executables that weren't on their heavily locked-down desktop, which was all it took. The company bought the C++ compiler I asked for, and I installed and used it -- unauthorised.

Re:What about the other half?

No.

Ahh, a self important ass that believes his world view is the only correct one. Gotcha.

OK OK, I'll give notepad another chance for my code editing, and I'm sure I can come up with two decent .bat script to launch the compiler and so on... More good ideas? Email them all to ccguysboss@gmail.com :-)

Ya... because it's either VIM or notepad. Well have fun installing all the crap you think you need, I need to get back to doing actual work.

Funny that

Most people born after 1980 are treated like shit in the IT industry. You are taken on for pitiful wages with vague promises of future riches, squeezed for every bit of knowledge you have, then booted out when the project(s) you are working on are finished. So it is hardly surprising that people treated so shabbily don't have a particular commitment to their workplace.

Most of the highly technical and well paid jobs (system admins and the like) seem to be already taken by well established old folk, and nobody is really interested in training anybody for when they retire. Managers take IT systems completely for granted, consider IT professionals to be lowly peons, and are in for a nasty shock when the handful of people keeping their systems running leave.

Re:Funny that

You sound bitter that you have to start at the bottom like everyone else. Then again, maybe that is the problem some of us have with your generation.

Re:Funny that

Most people born after 1980 are treated like shit in the IT industry.

So are most people born before 1980.

Not much to this story

Looks like the title is overblown. The younger works do slightly more risky things than the older workers. However, the older workers (Gen X in this case) still do all the same things, just a little less often. None of the numbers suggest a big change in risk. A lot of the risk factors being described just go from numbers like 47% to 51%. Hardly anything dramatic.
If you want to secure your network, you need to address all the risks that are out there. Adding a little more risky behavior does not really make for any real changes is the risks to the network. Networks are always at risk from the weakest link. A 60 year old employee who happens to do something risky is just as bad for the network as a 20 year old.

Fair Trade

On the upside, the Millenials are more security aware than their older co-workers

They're also less likely to call IT with problems like "I'm trying to make an Internet on my desktop but I can't get the file to program."

Breaking News:

This just in... young people are more likely to use iPods and PDAs than old people. Film at 11.

Unauthorized software

What exactly does "unauthorized software" mean?

My company doesn't give me administrator privilages, but has IE 5.5 installed. They haven't told me exactly what I can or can't do with my computer (except "you can browse the web in your down-time, but don't look at porn"), but I don't think the people that immediately oversee me know enough about computers to understand installing programs and stuff (really, it's pretty amazing--they don't even know that IE 5.5 is different at all from whatever they use at home).

The computer won't let my upgrade IE, so I installed Opera and Firefox. Is this "unauthorized software"?

Now, let's go a step more complicated.

They said I can browse the web in my downtime, right. So I figured I can also download and view MIT physics lectures (yes, Walter Lewin). My computer doesn't have proper codecs to view these videos. So I had to install codecs, but the computer is very resistant to that--it took a lot of trial and error to find a codec that would install and also play the videos.

Did the larger amount of work to avoid the problems associated with a lack of administrator privileges make this "unauthorized"?

I've also tweaked the registry (this is Windows 2000) because there were several programs starting with the computer that I have no use for. "Unauthorized"?

I'm in my mid-20's

I'm in my mid-20's so I think I would fit into this "generation" gap and want to comment on this. And no, I'm not at work presently to post this, in case the inescapable irony strikes some readers.

I know some of my peers feel that simply having access to the Internet means they can use it during the workday either to take a break during the work period, not work at all or use the Internet on breaks. My friends don't do this but I have had co-workers who have and were generally disciplined and eventually fired for not doing their assigned work.

Personally, I feel that I have an obligation to my employer: 1) to do the tasks I am assigned and 2) to protect the information on their networks. I avoid using the Net at work for non-work tasks and social networks for these reasons.

Age, not generation

This article appears to be taking a stupid slant on the statistics that have been gathered. It keeps harping about the "Millenials" (people born after 1980) when really it should say "people in their 20s". My issue is that 20 years from now, the Millenials will be in their 40s, but it will still be the people in their 20s who are the greater risk. The Millenials are not a generation of risk takers, they are currently at the risk taking age.

When I was in my 20s, I was much more risk prone than I am now (in my 40s). Back then I considered it my *right* to be able to install whatever I wanted on a computer, and would be unconditionally annoyed and offended if it was not allowed. Today I am more aware that there are reasons for most restrictions. Yes, some restrictions don't make sense, but a very many do.

This type of thinking was in more aspects of life than just computers. Back in my 20s, I would say that I drove less cautiously than I do today. I drank more heavily, ate poorly, resented having to wear a bike helmet, jay-walked more often, the list goes on. These are all behaviours that I, and most people, grow out of.

Heh

I'll remember this article next time that me, born in 1982 has to go round removing all the shareware games like Kyodai that all the middle age helpdesk women have decided to install on their computers because the 40 yr old manager we have thinks they should be free of security restrictions even if it causes such problems and creates security risks for the network.

Or when I'm dealing with silly amounts of calls because one 40+ yr old colleague is stood outside on their mobile phone arranging with their wife who is doing the cooking and the other is browsing holiday sites deciding where to go on holiday next.

Articles like this are stupid, they're a generalisation and where I work it couldn't be further from the truth. 3 out of 4 of our 1980s+ born workers and 1 out of 12 of our pre 1980s born workers make up our best 4 workers, that's completely out of line with the articles findings and whilst I realise you always get anomalies from statistical samples you should also not try and dress up this kind of bullshit as general fact.

In fact look at TFA, as hard as that is when it insists on jumping to the next stat before you've had chance to check the page properly I don't notice any information how solid a test base they used.

For all I know this could be put together by some disgruntled middle aged worker who actually sucks bad at his job but like many would rather blame someone else and so decided to blame the younger generation for taking his work.

Anyone know how reasonable a test base was used for this study? As it stands I could equally put together a made up study claiming older people are more likely to steal from the work place and pass it off as being fact.

Re:Contradiction?

They are more aware. They just don't give a shit. :-)

Re:I'm surprised how high the risk is anyway

Of course you can, their routing number is 666, but you still run into the problem of getting the account number of whoever you are sending the money to. Also the dollar is incredibly weak against souls right now, so it's pretty expensive.