Cyber Security
The Millennial Cybersecurity Project
Millennials are the first “always connected” generation ensconced within an ecosystem of digital devices from iPhones and iPads to tablets and laptops. They bring these devices and behaviors into the places where they study and work, which can expose organizations to security vulnerabilities. Millennials are reported to lack awareness of and demonstrate limited adherence to organizational security policies, which highlights the need for new approaches that build awareness of risky behaviors in cyberspace. The goal of the Millennial Cybersecurity Project is to improve our understanding of millennials' awareness of cybersecurity threats, to identify risky behaviors that put organizations at risk, and to explore new digitally-mediated tools to modify risky behaviors in cyberspace.
The underlying premise of the Millennial Cybersecurity Project is that the best way to communicate with millennials is through the language of technology. Most organizations today employ communications strategies that are better suited to previous generations. Instead of more traditional text-based materials and face-to-face interactions, this project demonstrates that risky behaviors can be reduced by moving from more traditional approaches to digitally-mediated and interactive online approaches that are more aligned with millennial familiarity and comfort with “messaging” that is short and simple—and supported by graphics and symbols for fast and easy comprehension. In particular, we demonstrate the effectiveness of 1) the use of real-time feedback of (lack of) conformance with security best practices, 2) the online reinforcement of best practices by encoding them in a “strategy” that is delivered digitally, and 3) the use of avatars or other digital (self) representations to personalize the messaging.
While stereotypes portray millennials as risk-seeking and blithely unaware of threats to and policies regarding cybersecurity, our results reveal a broad range of attitudes from highly aware and competent to completely uninformed and dangerous. These behavioral categories tend to transcend traditional boundaries of gender and age. Survey results of millennial business students and staff at the Kenan-Flagler Business School revealed that among the more vulnerable behaviors are password creation and use, and ability to recognize and respond properly to phishing emails. Self-reported risky password and phishing behaviors by millennials were confirmed by experiment.
The Millennial Cybersecurity Project demonstrated that digitally-mediated interventions can both reinforce positive identification of phishing emails and reduce associated risky behaviors. Phishing emails are increasingly difficult to spot as senders get better at portraying themselves as legitimate. Further, while millennials rely on a number of standard clues to catch phishing emails, they often overlook clues if the sender appears to come from a trusted source. In online experiments, only 68% of millennials correctly identified phishing emails as legitimate while 32% incorrectly identified phishing emails as legitimate. The presence of a trustworthy sender and a realistic corporate logo were most useful in identifying legitimate emails, while suspicious links and unknown senders clued millennials as to fraudulent emails. Millennials who experienced real-time feedback about their skill at identifying phishing emails and who received best practice phishing “strategies” from avatars improved their ability to identify suspicious emails from low- and medium-trust senders. Millennials, however, consistently overlooked standard clues in phishing emails from high-trust senders.
Risky behaviors regarding password creation and use were also reduced after online interventions. Two types of interventions were tested. The first intervention provided real-time feedback about password “strength” while the second intervention supplemented feedback about password strength with a password “strategy” that encoded best practices for password creation—both delivered by a personalized avatar. The strategy offered guidelines for creating passwords that are long and complex and that repeat patterns in a memorable way for use on different devices. The password is a “front door” into an organization’s accumulated confidential and competitive information. However, self-reported and observed password behaviors confirmed that millennials fail to use best practices in managing their passwords, thereby putting the organizations where they work and study at risk. Both interventions achieved reductions in risky behaviors related to password strength, suggesting that awareness and behavioral training programs that integrate real-time, online interactions with students about their cyber behaviors are worth further experimentation and development.