Millennials prove that tech savviness does not always equal security awareness

Bleeping Computer has published an article all about how millennials are more likely to be a victim of phishing and online scams than Baby Boomers (a.k.a. old people). I am taking this story with a few grains of salt because they gathered the data via a survey (in other words, there’s no hard data). But the result is really not that surprising.

Think about it this way: many Baby Boomers work in a corporate environment where they (hopefully) are inundated with a message of “don’t click that!” Even if someone doesn’t work in corporate America, they are probably more aware in general due to news coverage, etc. AND they have been around longer to get that message.

Millennials, on the other hand, are often not in bigger corp jobs, and they don’t consume media the same way the older generation does. And, of course, they haven’t been around for as long, so some of those messages haven’t got to them yet. Plus, they just want to do their social thing without hinderances. In general, Millennials are probably up for taking more chances.

This is all speculation on my part, of course. But it makes sense when viewed through the lense of generational differences. This is why I would advocate for security awareness training in high school and college (along with basic financial classes). Something that can give awareness without always focusing on tech (because that changes a lot). It should give young people a general sense of awareness and a healthy sense of paranoia – basically, something that will make them think twice. Combine that with PSAs that pop up as ads in social media, streaming apps, etc. And as parents, we should also be teaching that kind of awareness. It’s not an easy thing to tackle, and human nature is always going to make us susceptible to scams. Maybe as Millennials become more seasoned, they will start learning some of those lessons.

But we shouldn’t have to rely on life lessons to teach future generations. We have to start teaching security awareness proactively at a younger age, or the lessons are going to keep getting taught the hard way. The bad guys want it that way. So let’s start disappointing them.

So call to action: do you have formal programs in your educational system, school high school, college awareness? Do your computer science classes at any level include information/cyber security in the curriculum? If so, is it a small part or a whole semester? If not, what kind of proposals do you have to fix that? What can we do to influence educators? Who do you know who is actively trying to fix this now?

Let’s have a discussion and see if we can make some headway.

*** This is a Security Bloggers Network syndicated blog from An Information Security Place authored by Michael Farnum. Read the original post at: