Strategies for Building a Security Program Around a Multigenerational Workforce

Maybe you’re ahead of the game, but in today’s day and age, more and more organizations are recognizing the inherent advantages to fostering a multigenerational workforce.

That’s a fancy way to say companies appear to have recognized that they stand to benefit if they appreciate every age segment of their labor pool, as each generation brings something of value to the table.

It may be all the rage to hire millennials and even Gen Z, but it remains true that employing a broader range of ages translates to a deeper knowledge base that’s difficult to replicate. But that’s also easier said than done. Despite the benefits, there are some unique challenges that come with accommodating a full age spectrum of workers, especially as it relates to digital security.

You might be scratching your head as to how, but consider this: we know how far technology has come across decades. But it’s also true that each generation has undergone a similar evolution alongside the tech of their time. As a result, each has developed its own ingrained behaviors and habits when interacting with technology.

As you may know, technology has become synonymous with business—everything is digital these days, so how can you reap the benefits of a multigenerational workforce without dealing with possible negative consequences due to their different approaches to tech?

Read on to understand the key to building an effective security program that will suit your entire organization, no matter how old everyone is, along with other strategies for lasting protection.

The Different Generations

For our purposes, let’s define the generations as follows:

  • Baby Boomers: born between 1946 – 1964 (57 – 75 years old)
  • Gen Xers: born between 1965 – 1980 (41 – 56 years old)
  • Gen Yers/Millennials: born between 1981 – 1996 (25 – 40 years old)
  • Gen Z: born between 1997 – 2012 (9 – 24 years old)

Honestly, this might be the first time that we’ve seen so many generations represented in the workplace simultaneously. And while it may seem like the media possesses a singular focus on millennials—you’ve seen all the think pieces that continue to suggest ways that companies can appeal to them—the truth is, they’re not the only ones working, and it’s a critical first step that everyone recognize that.

Generational Tendencies in Cybersecurity

A 2018 Pew Research Center study found that 29% of baby boomers were still in the labor market—in 2021, those workers are now between the ages of 57 and 75 years old.[i] A far cry from millennials, but these folks are still here, doing work for our organizations and wielding all the knowledge gleaned from having watched the work environment and industries evolve over decades.

That’s not even accounting for Gen X, who fall in the middle and also make up a substantial part of the workforce. Given such an age range of employees and their generational tendencies, it unfortunately makes your job of bringing them into a singular cybersecurity mindset a little more difficult.

What do we mean by “generational tendencies?”

A study by Citrix published in BizTech Magazine found that because every generation has its own expectations and needs, their behaviors lead to a variety of risks that are not standard across the board.[ii] For instance:

  • Millennials are more likely to use unapproved apps and devices at work.
  • Boomers are more likely to be targeted by phishing scams.
  • Millennials and Gen Xers are more likely to be careless about following tech security policies.

There’s more, but in short, tendencies represent lots of potential problems that you want to avoid.

How to Help Everyone Learn About Security

But how? First things first, you need to pinpoint these gaps in your employees’ knowledge regarding security. This will take effort, drilling down to understand your people on a new level—you may have mostly millennials, or a healthy mix of Gen X and millennials, but it doesn’t matter how the numbers fall.

What matters is that when you understand what you have, you can then take those specifics and tailor your cybersecurity training to shore up those gaps, whatever they may be. Adapting training this way will absolutely yield better results than providing the standard. (More on this later.)

But here’s the thing. It’s not just about mitigating generational tendencies—it’s also about accommodating different learning styles when you do it. Learning is not one size fits all for every person, much less every generation. So don’t just take one tack—an important strategy you can employ is using training that appeals to a variety of generations and learning styles.

How do you accomplish that? The publishing platform eLearning Industry suggests one method in gamification.[iii] By definition, gamification adds game mechanics into non-game environments, and it can be tactile, auditory and visual. It can also improve retention by appealing to a wide variety of learning styles (and ages).

Digital security cannot be a generational thing—it needs to be a part of the overall company culture. After you bring everyone to the same knowledge page through this education tailored to their needs and styles, you need to maintain regular training to increase employee awareness of security best practices. Reinforcing best practices periodically helps fight complacency.

Other Strategies for Cybersecurity for All

To sum it all up: the key to a solid multigenerational security program is catering to all your employees so that they, in turn, cater to your greater security goals.

Still, there are other things you can do to bolster your efforts in this area:

  • Address the pandemic directly. COVID-19 has forced so many into working from home, and the security pivot to accommodate that must be meaningful. Due diligence must be done regarding any necessary applications in use for remote work—which may differ from those being used for working in the office. Consider adding vetting mechanisms such as multi-factor authentication to them for added security if you can.
  • In a similar vein, rework your security training to address this pivot to remote. If new tools for file sharing/syncing are in use, address and discuss how to securely use these tools and how your employees can protect their individual endpoints at home.
  • Make sure that IT staff are approachable so that any staff with questions or concerns feel comfortable voicing them. The stereotype that this department is full of prickly personalities may be an old one, but establishing this open communication remains important, nonetheless. What would help here is to establish a clear method your employees can use to submit their questions—that way, nobody catches IT during a crisis, and the questions still get answered for maximum benefit.
  • If you have a mentorship program in place to bridge the business knowledge gap, good news! You can also leverage it to reinforce the cybersecurity learning they’re all going through, which encourages even more multigenerational opportunities for collaboration.
  • Moreover, form technology committees staffed with multigenerational membership who help regularly assess the organization’s digital security health through periodic simulations. They can then make suggestions for improvements, identify areas of opportunity, and brainstorm solutions.

Just as having multiple generations represented ensures a wide variety of perspectives that can serve your business needs, it can also increase the range of weaknesses identified and of the solutions presented in terms of cybersecurity.

The benefits to a multigenerational workforce are well-stated—the deeper knowledge base, the varying experiences—but it is also true that trying to take advantage of such can create unique security concerns.

The good news is that, using these strategies, you too can successfully build a solid digital security program that appeals to a multigenerational workforce, earns “buy-in” from staff and, most importantly, protects the organization’s key assets.

For more information on creating a successful cybersecurity program within your organization, check out our blog on 5 cornerstones that will help you set an even more solid foundation.





About the Author

Jacob Ansari

Jacob Ansari is the Security Advocate at Schellman, where he leads the firm's security best practices advocacy. Jacob develops and leads educational efforts on security practices, emerging and extant threats, and related industry developments for both internal and external audiences, and regularly represents the firm as an experienced security practitioner, security officer, and industry expert on technical information security matters and leadership in the space. Jacob has also acted as the CISO for the firm and has an extensive history in a client-facing role as the technical lead for Schellman’s PCI services. Additionally, Jacob has experience with other Payment Card Industry assessment services, namely Software Security Framework, PA-DSS, P2PE, 3DS, and PIN. Jacob has extensive technical expertise on matters of information security, compliance, application security, and cryptography, and has been performing payment card security assessments since the card brands operated the predecessor standards to PCI DSS. Over the 20 years of his career, Jacob has spoken extensively on security-related matters, trained and mentored assessors, and contributed to groups on emerging standards, advisory bodies, and special interest groups.
