In the U.S. alone, an estimated 65 million young people make up the cohort known as Generation Z — those born between 1996 and 2010. For comparison, that’s more than the combined populations of California and Florida. Collectively, these audacious young people are having a profound impact on culture and societal issues. And as consumers, they have an impressive spending power worth about $44 billion. But their influence is also keenly felt in the workforce.
Gen Zers are entering every industry as the first truly digital-native generation, having always grown up with computers and the internet. With them comes a new set of expectations—like the freedom to use personal devices and having 24/7 access to corporate networks. This poses a number of different considerations for IT departments, especially in government agencies. The challenge: rethink and evolve cybersecurity protocols to suit the needs of the workforce’s newest and most tech-savvy recruits.
A 2018 University of Dayton study found Gen Zers have more confidence in institutions to protect their privacy than millennials, an indication that many see IT security as someone else’s job. Meanwhile, a Google/Harris Poll study of people between 16 and 24 years old showed they tend to approach security habits such as software updates and password management with an alarming degree of indifference.
That’s the bad news.
On the bright side, these young people are driven and quick to learn. With the right education, they’ll understand—and embrace—the role they play in fortifying government networks against attackers looking to seize, steal or spoil critical data. Impress upon your up-and-coming talent and IT team these three things and you’ll be ahead of the prevention curve:
Accounting for Tech Habits
Gen Z is accustomed to constant access to the digital world. They’re all about ease of use when it comes to being connected and have fallen into the habit of tech “autopilot.” For example, no matter what you do, employees—especially Gen Zers—are likely to use their personal smartphones to access government network resources regardless of attempts to prohibit such behavior. Agencies, therefore, should require those employees to have IT-vetted and approved software setups on those devices. They should also provide strong, but simple, identity and access log-on methods, like multi-factor authentication or virtual private networks (VPNs).
In some ways, IT organizations must protect employees from themselves. That naturally begins with fortifying the network and implementing policies and procedures, such as blacklisting or whitelisting of certain websites. But it also means having IT staff that do their utmost to ensure the endpoint devices Gen Zers use (really all devices) are secure by default.
Going Beyond Consumer Devices
Agencies also need to pay attention to the computers they issue to Gen Zers. Most have great experiences with consumer PCs in their personal lives and think they work just fine in the office. But that’s not always true—especially for federal agencies storing data with national security implications.
Today, there’s a whole new suite of business-class laptops to consider with hardware-enforced resilience and other features that almost invisibly safeguard users and their employers. For instance, a recent innovation on some laptops uses proprietary deep learning algorithms and advanced neural network technology (think artificial intelligence) to instinctively recognize malware and protect against never-before-seen attacks. Another offering protects PCs from potentially malicious code on websites by trapping malware in an isolated virtual machine. There are also integrated privacy cameras and integrated privacy screens to guard against prying or spying eyes. And there’s now a whole host of features to help organizations that find themselves hacked recover more quickly. These options can cost more, but every computer purchase decision these days should be a security decision. Ignoring these types of cybersecurity features will almost surely cost more in the end.
In short, Gen Zers will benefit from a crash course on why all devices are not necessarily created equal and how that impacts their workplace behavior.
A Training Mandate
Speaking of courses, one might argue that even with the best security features, cyberattacks will still happen because people invariably make mistakes. They click on suspicious URLs or leave confidential documents showing on their monitors while they’ve stepped away or forget a document in the printer tray that anyone can see or even steal. Or maybe they work remote and spend a few hours working in a coffee shop or checking emails before boarding a flight, potentially exposing confidential information to “visual hacking” from a stranger peeking at their screen. All of that certainly happens, which is why employees must be constantly educated about their responsibilities when it comes to basic security practices.
Forget inspirational posters or quaint reminders on employee badges. Agencies can get better results from their new Gen Z colleagues with a regular regimen of mandatory training videos and sessions designed to keep people informed about the types of vulnerabilities they’re seeing, steps they’re taking to combat those threats and how workers can help. Some organizations build their training sessions around the U.S. government’s National Institute of Standards and Technology (NIST) standards, which describe practical cybersecurity and privacy best practices.
Gen Zers, in particular, will benefit from training because cybersecurity isn’t something the majority of them have been exposed to at this point in their budding careers. They spend more time than any generation on social media (averaging 2 hours 48 minutes a day), favoring YouTube videos as well as Facebook and Instagram. You can bet they’re not just accessing those sites at home, so providing guidance and expectations through training can only benefit government agencies.
No agency needs to fear the cybersecurity naivete of Generation Z. Like any newer generation, they’re as eager to please and prosper as anyone else. So by approaching them with eyes wide open and applying robust tools and training, organizations can help them enter the workforce safely and securely.
Todd Gustafson is president of HP Federal.