Among the somewhat surprising and distressing results from PwC's Workforce Pulse Survey of more than 1,100 US workers during the week of July 14: More than half of Millennials and 45% of Gen Zers say they use apps and programs on their work devices that their employer has expressly prohibited, which PwC surmises may be based on these employees' perceptions of overly burdensome security restrictions or their desire for convenience on par with their non-work experiences. Further, 44% of Millennials and 42% of Gen Zers said they allow their family or friends to use their work devices compared to 34% of respondents overall.
More broadly, the survey results don't bode well for employers' cybersecurity messaging, notwithstanding numerous reports since the onset of the pandemic of heightened cybersecurity risks associated with remote work conditions and related calls for (and reports of) stepped-up communications, education, and training on the importance of good cybersecurity practices.
PwC's suggested action plan for CHROs, CIOs, and CISOs identifies both common sense and innovative undertakings, including:
- Adjust your messaging, communication and awareness training so it resonates with employees’ concerns about personal loss, rather than focusing on implications for the company. (Survey respondents were equally or more concerned about the potential personal impacts - as opposed to company impacts - as a result of data breaches at work.)
- Consider the user experience when choosing technology and designing policies. Involve employees to get their input, especially with emerging or fast-changing apps. The better the experience is for your employees, the less likely they will be to download substitute apps or programs that may introduce risk.
- Introduce incentives and rewards for cyber-savvy habits and cyber-compliant behaviors. Consider gamification techniques that have been proven to reinforce continuous learning
- Elevate cyber acumen in your digital upskilling program. Award certifications or badges that can be recognized in the talent market. Encourage those who are “certified” to become ambassadors to help others develop their cyber acumen.
See also Osano's "Data Privacy & Data Breach Link"; PwC's "Digital Trust Insights Pulse Survey"; these WSJ articles: "As Remote Work Continues, Companies Fret Over How to Monitor Employees’ Data Handling" and "Companies Battle Another Pandemic: Skyrocketing Hacking Attempts"; and additional information & resources on our Coronavirus (COVID-19) Resources page » Cybersecurity / Data Privacy. This post first appeared in the weekly Society Alert!