Yahoo Finance When It Comes to Cybersecurity, Millennials Throw Caution to the Wind
Despite being the first generation to have grown up using the Internet, studies indicate millennials can be surprisingly unaware of online security threats they face.
In fact, a 2013 survey by Marble Security, a mobile threat intelligence and defense company, found that 26.2 percent of young adults born in the U.S. between 1980 and 2000 have had an online account hacked, compared with a 21.4 percent national average.
To make matters worse, many millennials continue to engage in risky behaviors online. A study last year by the National Cyber Security Alliance and Raytheon found that 72 percent of the 1,000 millennials surveyed had connected to public Wi-Fi not secured with passwords, and 52 percent had plugged in a USB device given to them by someone else. Another study from Raytheon in 2013 reported that 23 percent of millennials admitted to sharing an online password with a nonfamily member within the past year.
Joan Goodchild, editor-in-chief of CSO, an online source for news and research related to security, says because millennials value productivity and speed when using technology, they tend to see security as a hindrance to efficiency. "Millennials, who have grown up around technology and are so used to using it, might not view that device they are bringing to work or that computer they have been given to get their work done on as something as insecure," Goodchild says. "They really see it as a tool to get things done."
Such was the case for 20-year-old Samantha Sharman, who had her email and Facebook account hacked when she was 16 after she put her username and password into a fake browser. Sharman, a student at Washington and Lee University, says before the attack, she was not concerned about online security, nor did she make sure she was protecting herself from online threats. "It was kind of just completely out of the blue -- I wasn't really expecting it," she says.
Despite the high number of hacks, a Gallup poll earlier this year found that 44 percent of millennials believe their personal information is kept private "all the time" or "most of the time" by companies they do business with. In comparison, only 32 percent of Generation X and baby boomers believe their information is this secure. Ira Winkler, president of the security awareness company Secure Mentem, says millennials' comfort with technology sometimes causes them to be less careful about sharing their information online.
"Everybody thinks millennials have been using tech from the start, so therefore they know all the problems, they know all the pitfalls and they're much more aware," Winkler says. "That's almost exactly the opposite."
Lance Hayden, adjunct faculty member at the University of Texas at Austin School of Information and author of "IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data," says because young adults have digital technology so embedded into their world, they tend to be less scared of its ramifications. As he puts it: "If you're very familiar with driving, you know that driving can be dangerous, but you don't freak out every time you get behind the wheel."
However, experts note that millennials' attitudes toward security change after they become victims of attacks. NCSA and Raytheon found 70 percent of millennials changed an online behavior following a cyberattack, such as no longer storing financial information on retail websites or being more careful about what they downloaded to their device.
"This is some evidence that millennials respond to the environment that they're in, and when something bad does happen, they change their behavior, and that's actually a good sign," says NCSA executive director Michael Kaiser.
Sharman, for example, now uses different passwords for all her online accounts and exercises more caution when looking at unfamiliar websites.
For other millennials, here's what you can do to guard yourself from an online attack without having to drastically alter the way you use technology:
Be wary about oversharing. Millennials are more prone to oversharing information, which hackers could collect and use to make a profile of the user. Jonathan Katz, director of the Maryland Cybersecurity Center, says hackers could use personal information on an online profile to create personalized phishing emails, which cause the victim to click on links or download software that could lead to computer viruses or stolen information. Hackers can also use personal information to answer security questions that websites set up in case users forget their passwords. "There's a lot more information available about people of that age bracket online that an attacker could get," Katz says.
Although sharing information online can be beneficial for forming bonds with others online, Michael Santarcangelo, founder of Security Catalyst, a company that develops IT leaders to address security challenges, says it's important to consider both the potential harm and the potential value when sharing information. "Instead of saying, 'What's the harm in sharing?' flip it around and say, 'What's the value in sharing?'" he says. "If there's a value to it, then great, then do it, and if there's not, then don't."
Change passwords frequently, and use different passwords for each account. As Sharman learned, if hackers gain access to one password, the first thing they will do is attempt to use that password in other accounts to see if they match. Satnam Narang, senior security response manager at Symantec, a company that helps consumers secure their information, found that millennials and even teens have a tendency to reuse passwords. When he asked a classroom of high school students if they use the same password somewhere else, 99 percent of the students raised their hands. Narang suggests using a strong password with characters and numbers on every account. To remember different passwords, he recommends using an online password manager such as LastPass, 1Password, Dashlane or Norton Identity Safe.
Check the privacy settings on each of your accounts. Narang notes that millennials are sometimes unaware that their posts on social media accounts are public and visible to everyone. "When it comes to online privacy and security, [people] don't recognize some of the settings they have available to them," he says. He suggests checking the privacy settings on all accounts, and to consider making posts private or only visible to certain people.
Use multiple verification methods. Richard Bejtlich, senior fellow at the nonprofit public policy organization The Brookings Institution, stresses the importance of protecting your email, noting that using two-factor authentication can go a long way in protecting your information. For example, Gmail offers an option to enter a six-digit code that is sent to an account holder's cellphone every time he or she wants to log in. The code provides two steps of signing in and proving identification, Bejtlich explains. "It's not perfect, but it can make it much more difficult for an intruder to abuse your email," he says.
Remember that new technology can be easier to exploit. Although new technology isn't always less secure, Katz says, younger users might be among the first to download a new app on the market without considering the security features and whether the app could block an online attack. Hayden notes that new apps in particular are becoming more social and collecting more user information to appeal to a younger audience. The problem arises when apps aren't explicit about how they profit from user information. "Millennials and younger people may not be as well-informed, not because they aren't looking for the information, but because they are deliberately misled in some cases," Hayden says.
Exercise caution. Security experts say the most important way for millennials to protect themselves from online attacks is to be aware these security concerns exist. Winkler says that although taking security measures seems like common sense, if millennials are not aware of the threats today, they can't exercise good judgment. And when it comes to posting information online, it's not just the hackers that millennials need to worry about. "If you put something anywhere remotely on the Internet," Winkler says, "assume your grandmother is going to get it, assume your boss is going to get it, assume the person who hates you most is going to get it."
More From US News & World Report
