You've heard the stories about teens who post Facebook pictures of themselves getting smashed at parties or who "sext" compromising messages via cell phone. What are they thinking? Certainly not about how a future Google search could hurt their employment chances.
But what if they do get hired, say, in a state or local agency that didn't bother to ask many questions about their online ethics? They are likely to show up for work on the first day with computer habits that are quite a bit different from those of a professional workplace, with its concerns about cyber-security and data protection.
Even the "good" kids--the ones who aren't pirating software or hacking into computers--live electronic lives that are different from yours and mine. They share anything and everything with their friends, real and virtual, at all hours of the day, via cell phone, BlackBerry, iPhone or some other portable device. And they don't always think about the implications of revealing everything they're doing.
In other words, says Samuel C. McQuade, of the Rochester Institute of Technology, many of the new hires "grew up in an era that did not equip them to make responsible decisions online." They were raised, McQuaid says, on rapid-fire messaging, chatting and "friending" all across the globe, 24/7. And that leaves them vulnerable to manipulation. Employers, he says, need to "re-acculturate" them.
Children and young adults don't usually get a formal education on data security, Internet safety or cyber-ethics, McQuade reminded state CIOs at their annual meeting in October. Yet, about half of all children are using the Internet by kindergarten age. Studies show that cyber-bullying begins in second grade.Pirating music or movies starts in the fourth. And by the time they're in seventh grade, kids are starting to experience all sorts of cyber-abuse and crime.
This online-all-the-time generation learns cyber-abusive behavior from friends and repeats it. If governments and other employers want to protect their critical information, they need to be aware of the culture of the employees they've hired. McQuade suggests that the best starting point might be to "harmonize" cyber-security with education policies.
But what strategies exist to cope with the ethics gap here and now? An agency can ban a particular form of computer use, but the technologically skilled will figure out a way to get around it. If the boss forbids the use of certain sites on government computers, the young hires of Generation Y can cruise Facebook on their iPhones. There's no sure-fire solution.
Dawn Cappelli of Carnegie Mellon University, who also spoke at the CIOs' conference, warns that much of the malicious behavior that compromises network security comes from low-level employees who are recruited by outsiders to steal or manipulate information. So employers need to help young workers understand the consequences of taking the bait from those offering money for information. And they should be made aware that online evidence almost certainly will point the finger at them if they happen to misbehave.
Cappelli warns that these kinds of problems are not something that can be stopped by information security people alone. "The whole organization has to work together and understand the issues."
You may use or reference this story with attribution and a link to