If you've ever helped an aging friend or family member navigate social media basics, download an electronic boarding pass, or interact with email and texting services, that experience might have left you uneasy about their online security.
It would seem their unfamiliarity with the settings, commands, and those never-ending invitations to provide their personal information would make them more vulnerable than the younger tech-savvy generations. Well, think again.
Before I explain, let's look at today's Internet users that span four generations:
· Baby boomers (born between 1946 and 1964)
· Gen Xers (1965–1980)
· Millennials (1981–1996)
· Generation Z, or zoomers (1997–2012).
We might be shocked to learn that of those four groups, millennials and zoomers are more likely to fall victim to cybercriminals than their elders. That's according to experts who say it comes down to two factors: distrust and experience with the Internet.
You see, all four generations have intersected the Internet at different stages in their lives and professional careers. Millennials lived through their adolescence during the Internet boom while zoomers were born into it, making them the first true digital natives with access to broadband, smartphones, and social media from their earliest years.
Meanwhile, boomers were already working when computers first entered the workplace, and Gen Xers joined the workforce as the Internet was adopted as an essential component of modern business.
It's these experiences that experts say influence generations to engage differently with the Internet. You could assume the older generations might struggle with cybersecurity while the younger generations consider it second nature. However, most studies show the opposite to be true.
For example, a 2018 Ponemon Institute report reveals that 90% of workers over 45 said they follow their company's cybersecurity policy. In sharp contrast, 34% of zoomers said they don't know or understand their company's cybersecurity policies. Additionally, a 2019 study done by Santander found that 82% of people under 30 have fallen for online purchase scams, while that number dropped to only 57% for those over 30.
Younger employees are simply more reckless with their browsing behavior. According to a December 2020 study performed by Security Magazine, 70% of millennials and 65% of zoomers stated that they would still visit a website after receiving an alert from their Web browser that the site was insecure. Contrast that to 62% of baby boomers who said they would not continue to unsecured sites.
Another study by Atlas VPN found that 23% of zoomers and millennials have fallen for a phishing attack, while only 19% of Gen Xers and 9% of baby boomers have done the same. Even more concerning, 52% of zoomers and millennials have had a password stolen, which is true for only 37% of Gen Xers and 12% of baby boomers.
If the younger generations are more comfortable and familiar with online computing, why or how could they be the most vulnerable? Part of the blame can be placed on their lifelong experience with digital communications, which has made them complacent in their cybersecurity habits.
Zoomers and millennials have grown up with the ability to communicate instantly. It is their default way of communicating. In fact, a phone call before first reaching out over a text or IM is considered rude and intrusive. Because this form of digital communication is so normal and pervasive, they simply trust it. Familiarity breeds complacency, which leads to inherent trust and poor security.
On the other hand, older generations are more suspicious of any electronic communication. They espouse paranoia and distrust with any form of online communication. Their attitudes are the very essence of the zero-trust cybersecurity model.
We've long known that human behavior is our biggest weakness when it comes to cybersecurity. Now we understand how these behaviors differ on the generational level. Security experts need to step up their game and change the way they train employees. No one size fits all when it comes to cybersecurity training. Training must be relevant to the way younger employees engage with technology, especially as more baby boomers retire and are replaced by younger workers.
Also, I believe it's time to start teaching cybersecurity awareness education in elementary school to help kids understand the importance of password hygiene and the basics of phishing techniques. We can start by enforcing the use of password managers and multifactor authentication. Schools that provide students with laptops and Chromebooks managed by the school's IT department should enforce cybersecurity policies in the classroom.
Parents, likewise, should teach the principles of cybersecurity. If we can teach people about real-world cyber-risks and how to mitigate them when they're young, then maybe we can finally handle the ransomware pandemic.