Security Experts:

Young Workers Ignore IT Policy and Connect at Any Cost, Says Cisco

Beg, Borrow or Steal? Young Professionals, Students Admit They’ll Go To Extreme Measures to Get Online Despite IT Policies

According to a report from Cisco, 70-percent of the younger office crowd routinely ignore IT policies, and before the age of 30, 25-percent of them will become victims of identity theft. Although it may not be clear, these two figures are related, as the generation that doesn’t know a world without the Internet is adding risk to their respective organizations simply by being themselves.

The aforementioned stats come from the Cisco Connected World Technology Report-- an international study that examines the next generation of workers’ demands and behavior involving network access, mobile device freedom, social media, and work lifestyles.

According to Cisco, it’s the desire for on-demand access to information that is the root of the introduced risk. This desire is so ingrained in the younger generation of employees that many of them take extreme measures to access the Internet, even if it compromises their company or their own security.

Point in case, at least one out of every three employees surveyed, responded negatively when asked if they respect their IT departments. Yet, balancing IT policy compliance with young employees’ desires for more flexible access to social media, devices, and remote access, severely tests the limits of traditional corporate culture.

When asked for the reasons for ignoring IT policy or breaking it outright, the results were interesting to say the lease.

The most common was the belief that employees were not doing anything wrong (33%).

One in five (22%) cited the need to access unauthorized programs and applications to get their job done, while 19% admitted the policies are not enforced.

Some (18%) said they do not have time to think about policies when they are working, and others either said adhering to the policies is not convenient (16%), they forget to do so (15%), or their bosses aren’t watching them (14%).

Two out of three (67%) respondents said IT policies need to be modified to address real-life demands for more work flexibility.

"These findings indicate a real need for a thoughtful and strategic approach for the types of IT services offered while taking into consideration the established processes and culture of any organization to create stronger, trusted relationships between employees and IT departments,” said Rebecca Jacoby, CIO at Cisco. 

Considering the influx of new blood into organizations across the globe, it’s no surprise to see reports like the one from Cisco. IT has always struggled to meet business requirements while bending a little to allow employees some freedom on the network. The issue lies in deciding where to meet in the middle, and there isn’t a solution on the market that can make that happen. All the monitoring, access control, and filtering devices in the world can never match an open mind and strong communication ethic between an organizations base staff and senior executives from all departments. Everyone needs a voice at the table. Unfortunately, this solution is far easier to write than it is to apply, which is why organizations would rather spend money.

Cisco’s report is an interesting read and is available online here.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.