The modern workplace is awash with people of different ages and varying levels of technological understanding and expertise. As a result, it’s imperative that the approaches taken by the modern enterprise to safeguard technology and maximise network security caters to this broader spectrum of end users, each of whom has their own personal work style and differing understanding of IT security.
In order for businesses to effectively protect their enterprises systems, they need to understand the people working for them. At the basic level, today’s enterprise can be broken into digital natives and digital immigrants:
Digital Natives - This group has grown up with technology and tend to be more comfortable relying on it. They keep their technology close to them, continually interacting- checking emails and posting on social media.
Digital Immigrants - This group has been in the workplace for a while. They use IT on a regular basis, but rather than it being something embedded into their everyday lives, they see it as a tool to solve problems and set down when they go home at the end of the day.
Understanding the different attitudes these generations have to technology is the key to tackling the security issues that come with them. Businesses need to understand that there is no one silver bullet that can be used to address the problem.
Dealing with the generation gap
In order to deal with the generational IT knowledge gap, it’s important that businesses create tailored educational training programmes to help employees of all technical abilities understand the security risks inherent in their IT environments.
Looking at the digital natives, who think differently about technology and blur the lines between professional and personal, they will bring their own devices to work, post Facebook comments about the office or even tweet about a project they are working on. These people need to be trained to understand the importance of understanding what information is OK for public consumption and what needs to remain private.
The digital immigrants, on the other hand, need to be educated about how much information they have access to and are carrying around and be taught about standard best practices for information security. Given they have been in the workplace longer, these people often hold more senior positions, meaning they have more access to more sensitive internal company data and as such, need to take additional precautions. In addition to creating bespoke training programmes, businesses can safeguard their systems through the use of whitelisting – restricting user’s access only to the information and files they need to do their job. For example, someone in accounts who needs to access company finances may not need to access personnel records used by employees in HR.
Auditing and anomaly detection
In order to monitor this, businesses should also be able to audit their systems to understand when employees have tried to breach parameters. This can be done quite simply by setting up alerts to highlight if someone has attempted to access restricted files and then work out if the attempt was malicious or purely accidental.
Anomaly detection, through user profiling and pattern recognition is another powerful way to identify employees misbehaving on a network. For example, if person “A” usually transfers a few megabytes per day and then suddenly downloads two gigabytes – whether it’s over the network or onto a portable USB drive – then something is going awry that requires investigation. Businesses need to ensure that they have the right audit capabilities in place to ensure they are aware this is happening as well as take measures to ensure that portable USB drives don’t cause a threat to their business.
Ultimately, with new technology savvy generations coming into the workplace and access to more technology and mobile ways of working, IT Pros need to be more vigilant than ever when it comes to protecting their businesses systems and networks.
Image source: Shutterstock