Each generation brings their own unique set of expectations, needs and habits to an organization. As a result, a one size fits all training strategy does not suffice, especially when it comes to cybersecurity.
In late 2015, Iranian hackers made headlines for stealing U.S. State Department data via a phishing scheme targeting individual government workers. It was a stark reminder that employees are often the most vulnerable link in an organizational network.
Cybercriminals capitalize on a lack of cyber awareness. According to CompTIAâ€™s “Trends in IT Security” study, 52 percent of security breaches result from human error. Itâ€™s easy to see why hackers would target end users. For this reason, employers need to offer cybersecurity education and training for all staff. But employee cybersecurity training is complicated by a central fact: Todayâ€™s typical workplace includes three distinct generations. And much has been made about how baby boomers, Gen Xers, and millennials learn differently.
However, in terms of proper cybersecurity behavior, all generations could use training. While different online behaviors may be employed by one generation compared to another, all have a need for security improvement. An accepted stereotype might be that the digital generation is more cyber-savvy than their older counterparts, but we have found that not to be the case. That is why we believe all members of the workforce â€“ whether they trend younger or older â€“ should receive practical training on how to be cyber aware.
Generational cyber similarities
Boomers, Xers and millennials might approach tech differently, but when it comes to cybersecurity, all three generations share the same bad habits. These include:
Bad password habits: When you practice poor password hygiene, you make a hackerâ€™s job easy â€“ and thatâ€™s exactly what employees are doing. As the survey found, thereâ€™s a trend of employees using the same login credentials across different accounts. Additionally, 37 percent of employees only refresh their work passwords yearly, if not less frequently.
Developing inclusive cybersecurity training
While generational differences do exist in terms of how employees view and use technology, good cybersecurity training will benefit all employees in the office. Companies should focus on an inclusive set of training standards that account for each learnerâ€™s preferences. When deploying cross-organizational cybersecurity training, companies need to focus on offering:
Dedicated training time: Cybersecurity training shouldnâ€™t interfere with existing work tasks or demand outside time from employees. Instead, companies should carve out time during the workday so workers donâ€™t feel their cybersecurity training is costing them productivity or personal work-balance.
An emphasis on e-learning: To be inclusive, companies need to settle on a methodology that engages all types of learners. While stereotypically associated with millennials, digital training platforms offer a degree of flexibility and autonomy that all generations value.
Todd Thibodeaux is the president and chief executive officer of CompTIA. Todd has more than 20 years of experience in the IT industry.