Digital natives more likely to fall for phishing attacks at work than their Gen X and Boomer colleagues

SailPoint survey finds that younger workers also are more likely to use company email addresses for online shopping and subscriptions.

Image: Vladimir Obradovic, Getty Images/iStockphoto

A new Trust Issues survey found that Gen Z and Millennials should follow the example set by their elders to develop better cyber hygiene habits at work. This SailPoint survey asked 500 U.S. workers about how they use email and deal with phishing attacks.

The survey asked how respondents reacted to a suspicious looking email with a link or an attachment. Forty-six percent of Gen Z respondents said they would open the link or attachment, compared to just 1% of Boomers, 4% of Gen X and 29% of Millennials who also would take the bait.

Sailpoint CISO Heather Gantt-Evans said digital native generations have a different comfort level with what they engage with and post online, compared to people who can remember the days of dial-up or even no internet access at all. 

Spending the majority of their time watching, tapping and swiping, digital natives are likely to have more identities or accounts — social media, emails, streaming accounts, etc. — and each of those identities likely has hundreds if not thousands of followers, making those types of accounts a bad actor’s dream,” Gantt-Evans said. 

The survey found that a majority of Gen Z (77%) and Millennials (55%) respondents use corporate email addresses for their social media logins, compared to just 15% of Gen X and 7% of Boomers. Almost 30% of all workers said they use their company email for online shopping. 

SEE: 10 ways ransomware attackers pressure you to pay the ransom

Gantt-Evans said using corporate email for personal business can create entry points for bad actors into corporate infrastructure. 

“If credentials are compromised and a corporate account is taken over, the fallout from that point could be catastrophic,” she said. “Once threat actors are able to open a doorway, they can quickly establish footholds, harvest data and deploy malware.”

Using a work email for social media or streaming accounts can be a bad choice for the employee too, Gantt-Evans said.

“If you change jobs, and you have attached your work email to personal accounts, if those accounts become compromised, account recovery will be much harder, if not impossible, as those email addresses likely no longer exist,” she said. 

Gantt-Evans said that the best way to strengthen cybersecurity is to follow basic cyber hygiene practices while also planning for falling victim. 

Gantt-Events recommends implementing the following tactics to mitigate the risk of phishing and other common attacks: 

  • Limit Remote Desktop Protocol use and ensure it is behind VPN with MFA
  • Establish email hygiene, browser isolation and endpoint detection and response capabilities 
  • Conduct regular phishing awareness training with regular phishing tests
  • Use “external” markers in the subject line for emails from outside the organization
  • Add a phish report button to email clients
  • Patch all software in a timely manner and ensure software centers and golden images have up-to-date versions

The market research company Dynata conducted this survey of 500 U.S. workers employed by companies with 2,500+ employees on behalf of SailPoint.

Also see

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.