Age plays a role in end-user security training

A report published by The National Cyber Security Alliance (NCSA) suggests cybersecurity teams may want to consider different approaches to ensuring security based on the age of the employee working from home.

As the COVID-19 pandemic appears to be gaining momentum, employees will be working from home more often well into 2021. At the same time, it has become apparent cybercriminals are getting more adept at targeting those employees.

The NCSA surveyed 1,000 individuals in the U.S., 500 between the ages 18 to 34 and 500 between the ages 50 to 75, in part to ascertain if there were any major differences in how individuals approach cybersecurity based on their respective ages. The survey finds 64% of remote workers age 50 to 75 felt partially or very prepared by company IT policies to switch to working from home. In contrast, 83% of those age 18 to 34 felt the same.

Cybersecurity bad habits

However, 49% of employees age 50 to 75 said they regularly update antivirus, anti-malware, and firewall software on their devices. Only 33% of younger workers did the same. More than half of respondents (54%) age 18 to 34 frequently connect devices to unprotected Wi-Fi networks to access company servers, banking information, and email.

In contrast, 42% of respondents ages 50 to 75 said they never use public Wi-Fi with their connected devices to access work data, banking info, or email. In addition, 68% of users 50 to 75 said they will only download apps from trusted sources.

On the plus side, the survey also notes remote workers age 18 to 34 are more likely to employ virtual private networks (60%) and multi-factor authentication (46%) for all devices than older employees. Nevertheless, half of respondents (50%) age 18 to 34 sometimes or never deactivate unnecessary manufacturer features such as location tracking and data sharing in newly purchased connected devices, while 44% said they always accept push notifications from applications, including requests to access location or contact data.

Overall, both age groups said they are moderately or highly confident in the security of connected devices, 77% and 81% respectively. However, more than one-third (36%) of Americans age 50 to 75 rarely or never check for software updates to their connected devices.

Tailoring cybersecurity training

Obviously, there are individuals age 35 to 50 that fall along both sides of this broad spectrum. The challenge security professionals are wrestling with is figuring out precisely who in their organizations needs what kind of security training. Clearly, not everyone within an organization has the same level of appreciation for cybersecurity hygiene.

Of course, most human resources departments are probably not going to endorse an approach toward end-user training that even hints at age discrimination. Nevertheless, savvy cybersecurity teams need to be aware of these predilections. Younger employees may need to be consistently reminded, for example, to stay off public Wi-Fi networks when accessing sensitive corporate data.

The NCSA report essentially captures a lot of the end-user behavior that tends to drive cybersecurity professionals to distraction. Rather than rant about the nature of human condition, savvy cybersecurity professionals will tailor their message to best fit the demographics of their intended audience. Just as importantly, they also might want to consider those same demographics to determine who inside their teams is best suited for delivering that message in a way that best resonates with each demographic.

Fight security threats with user awareness training