January 21, 2009, 3:49 PM — Toothless enforcement of IT usage policies leave CIOs two choices: Prepare for Gen Y to ignore the rules or show them some tough love, according to a report from IT World Canada and Harris/Decima.
The fallout from ignoring the CIO isn't great, according to Freedom to Compute: The Empowerment of Generation Y, which says 90 percent of Gen Y workers have suffered any consequences for bypassing policies. None of them have been fired for it. Seven per cent said they didn't know if repercussions even exist. "
Freedom to Compute polled more than 1,000 workers between the ages of 18 and 29 about their attitudes towards IT, and got reaction from CIOs and CEOs in an order to explore the technological generation gap.
Harris/Decima vice-president Lise Dellazizzo pointed out that ignoring IT usage policies can be highly damaging to companies and include accidental or malicious leaks of customer data outside the company, misappropriation of IP, misappropriation of competitive information and other breaches.
"By virtue of the fact that they are using more technology, that they're using a greater number of applications, means that there's a higher likelihood that there's more vulnerabilities and there's more threats that could compromise those vulnerabilities -- just on a sheer numbers game," said David Senf, director of Research, Security and Infrastructure Software at IDC Canada.
Gen Y does not necessarily bring more security concerns than other employees, said James Quin, senior research analyst at Info-Tech Research Group. "I think they bring different security concerns than other employees...with the introduction of the Internet and Internet access at work, people learned they can use the Web to waste time...the difference between Gen Y and the generations that went before them is the sites they are going to waste that time," he said.
Dellazizzo said the responsibility for enforcement is clear: the CIOs are at the front of the line. "If senior IT assumes responsibility, take ownership and demonstrate the importance of establishing and respecting computing security and usage standards -- this in itself will make an impact," she said.
"Behind the front line is HR, who must enforce these policies and implement repercussions that are appropriate; and, perhaps most importantly, the actions both from IT and HR must be clearly supported by the CEO."
Matt Elliot, a 25-year-old who runs a blog called YWorking.com, said it's unfortunate that CIOs are sometimes cast in the role of the bad guy, and suggested there are better uses for their time.
"If you're one of those IT people caught in the middle, that can be very difficult to deal with. All you can really do is look at the output that your Gen Y worker can provide for you. You have to look at it from an employee morale perspective," he said. "Otherwise it just ends up eating up resources."
Social networking and cloud computing introduce a shift in what IT departments are going to need to focus their security attention on, said Senf. "It shifts from the traditional network towards more Web-based threats. Things like cross-site scripting become more important for organizations to know about."
"When it comes to Gen Y, the biggest recommendation that I can make comes around communication and education," said Quin. "Gen Y has grown up with technology and there's a certain mentality that technological access is a right, not a privilege, and I think that that doesn't hold in the workplace."
The key message to employers facing these issues is make sure your new employees understand what the requirements are, and most importantly, why those requirements are in place, suggested Quin. "I think the message itself needs to stay the same...the way in which the message is delivered definitely has to evolve."