Balancing Generation Y preferences with security

As young employees enter the workforce, so does a new round of security threats

By Cara Garretson , Network World , 08/29/2007

Share/Email
Tweet This
Comment
Print

This is the final story in a five-part series about the key security issues that will be addressed at The Security Standard event scheduled for Sept. 10-11 in Chicago.

As young adults who grew up on e-mail and online chat enter the workforce, they bring with them a set of newer technologies designed for rapid-fire communication and workplace personalization. Much of this technology may represent better, faster ways of getting a job done, but it also introduces a new round of security threats for corporate networks; and the decision to allow them or not must be made carefully.

Proxy Not a Product, Just a Feature : Download now

These technologies —personal gadgets like MP3 players, thumb drives, cell phones and PDAs; real-time communication technologies like instant messaging and text messaging; and social-networking Web sites like Facebook and MySpace — are part and parcel of the young workforce today, experts say. Called Millennials or Generation Y, this group is defined loosely as having been born between 1977 and 2002, and totals 70 million Americans — a large percentage of whom are bound to have one of the 100 million iPods sold to date in their pocket.

Many Generation Y technologies may offer an improvement over today’s status quo — an instant message or text message is likely to get the recipient’s attention more quickly than an e-mail that sits waiting to be checked in an in-box — but they can introduce serious security threats to corporate networks, according to some security vendors.

Related Content

E-mail is so two hours ago
Here are some of the technologies often used by young employees that can cause problems in business settings:

Technology	Potential workplace problems
USB storage devices	Can be used to steal corporate data; enough capacity to take large amounts of information, but small enough to go undetected.
iPods and other MP3 players	Can be set to steal corporate data. Also, downloading music and video can clog bandwidth.
Instant messaging	Many public networks don't offer security features; often chats aren't logged so there is no audit trail or proof of the communication; the real-time nature of chat can disrupt the workplace.
Cell phone text messaging	No ability to send file attachments; no communication log or audit trail.
Web 2.0 sites	Popular social-networking and related sites rely on technology with weak security that hackers are targeting as agents for downloading malware.

Click to see: Technologies often used by young employees that can cause problems in business settings

For example, “the newer forms of attacks take advantage of Web sites with rich content and features: AJAX-enabled applications, embedded JavaScript, etc. These aren’t really new technologies, but they’re more pervasive now,” says Paul Ferguson, network architect at Trend Micro. “And with [components like] Google Maps, where the processing is done on the PC instead of on the Web page, criminals are exploiting that avenue of content delivery. The ability for Web 2.0 applications to deliver that content is a Catch-22, because it also can allow you to be exploited.”

For security professionals, it may seem that the prudent thing to do is to disallow the use of this kind of technology in the workplace: blacklist non-business-related Web sites; ban handheld or pocket devices from the workplace; require employees to use company-issued and maintained laptops, PDAs and cell phones. After all, as many as 40% of employee Internet activity is non-work-related, according to IDC.