Safer Internet Day and the surprising cybersecurity habits of our future workforce

An online presence is near-ubiquitous in the UK. Children as young as toddlers are equipped with smartphones and our daily use of the internet doubles in less than 15 years (ONS). A lot of criticism has been aimed at the younger generations – typically millennials, generation Z or younger – for spending a lot of time online, but on the flipside, this ‘always-on’ generation is the most digitally-enabled yet.

That’s why initiatives like Safer Internet Day are so important; a constant online presence can leave you vulnerable to dangers and challenges from cyberbullying to cybersecurity threats. The campaign has resources for children and young people in three different age groups: 3-7, 7-11 and 11-18 year-olds.

The younger age groups will most likely be exposed to the internet primarily when playing games or consuming child-friendly content on streaming platforms like YouTube. Progressing to the second and third age groups opens up young people to the true breadth of the internet: social media, news sources, email… the list goes on.

Digital natives entering the workforce

The third age group in particular is an interesting one. These digital natives will likely understand issues around consent, how to behave online and how to report inappropriate behaviour. It’s also the age group that’s next in line to enter the UK workforce – in fact, with young people legally allowed to work in certain jobs, like newspaper delivery or casual shop work – from 13, a decent proportion of this group will already be in the workforce.

A 2018 report found that over half of young people reused passwords. With some respondents having up to 21 accounts that they logged into regularly, that’s a wide scope of attack for a hacker if they’d gained access to their credentials as part of a hack.

Whilst there’s no doubt our future workforce is incredibly tech-savvy, it appears they too may need some support in their cybersecurity habits, both personally and professionally. Businesses like Marriott, Yahoo and Ticketmaster have recently experienced serious breaches of customers’ personal data, whilst Twitter – used most frequently by 15-24 year-olds according to Statista – has experienced bugs that have exposed private messages and the tweets of private accounts. These ubiquitous businesses, with billions of users between them, could have had data exposed that had been reused on another site login.

Educating your current and future workforce

It’s clear that both our current and future workforces are short on cybersecurity education. Employees are still the weakest link when it comes to your business’ IT security; 95% of successful data breaches or hacks happened due to some type of human error (IBM).

So what can you do to ensure your people, both new and long-standing, are up-to-date on their cybersecurity skills? Luckily, we’re always blogging about cybersecurity, so here are our top picks:

Test your people

Your people are the frontline of your business, and as such are a target for cybercriminals. And while breaches overwhelmingly involve employees as well as hackers – whether accidentally or maliciously – each business is different in terms of their staff’s knowledge. That’s where a simulated phishing attack tool comes in handy. According to Verizon, 90% of hacks or breaches start with a malicious email. You can train your employees to spot the telltale signs of a suspicious email, get a feel for their current knowledge and track progress over time as you continue to test them – with no risk.

Spot fraudulent customers

We’re all aware of the hackers who pose as a reputed company you likely deal with in some way, like a supplier, or even your CEO, in order to get money or credentials out of you. But what about the people who pose as your customers to hack their accounts? This type of social engineering commonly plays on emotional cues, such as a stressed parent with a screaming baby, to harvest or even change a customer’s security information for their bank.

Educate your workforce about personal cybersecurity

Often, the way we protect our personal information outside of work is a good indicator of how security-savvy we are at work. Reusing passwords for logins like Facebook or Amazon means we could also be reusing those passwords for our work email or employee login. A lot of cybersecurity advice that we receive in the business world can be used to protect our personal accounts, and vice versa.