The majority of generation Z employees do not follow data security processes at work, leaving employers open to cyber attacks.
Research with 1,000 workers, born between 1997 and 2012, found that 57 percent fail to keep work passwords private, 64 percent do not lock their computer when they leave the room, 60 percent do not avoid suspicious or unverified emails, and 78 percent do not set meetings to private when necessary.
The survey findings, from card payment provider Dojo, are a concern as UK government data shows that one in two businesses have reported being the victim of cyber security breaches or attacks in the past 12 months.
Employers have invested in data protection software but human behaviour can offer an entry point for criminals. Previous research suggested that more than 95 percent of data breaches are the result of human error, from clicking on suspicious links to opening emails from unknown contacts.
The majority (83 percent) of gen Z employees do not take work calls in private. Remote working has made it easier to work from virtually anywhere, but Naveed Islam, chief information security officer (CISO) at Dojo, said that taking calls in public can pose privacy and confidentiality risks. Employees might unintentionally disclose sensitive information by conducting work conversations in public settings, he added.
Only a quarter of employees keep work information private, meaning that three-quarters are opening their employer up to the risk of data breaches.
The research also revealed that 57 percent of employers would not allow an employee to pass their probation if they were caught sharing classified information with external sources. Depending on the nature of the information shared, this could mean the majority of gen Z employees are risking their jobs.
Four-fifths of employees said they do not always use their security key fobs, which are crucial for maintaining security in shared workspaces. Such widespread failure to follow building security rules means workers are potentially compromising the safety of colleagues or other businesses that share the building.
Islam said: “Many workplaces implement technologies and processes designed to protect their sensitive information.
“Yet, our study reiterates that there is still work to be done in educating staff, highlighting the importance of making employees aware of company security policies – such as taking work related phone calls in private and refraining from sharing private work information with friends – both of which work towards ensuring information is prevented from unintentionally falling into the wrong hands.
“This can be enforced by carrying out regular, comprehensive training and being clear about the expectations of your business and the risks of data breaches.”
