Millennials Possible Threat to Cybersecurity

John Polis, chief technology officer for Star Mountain Capital, said during the North American Buy-Side Technology Summit that security training for the younger generation should emphasize the importance of protecting professional data.

“The younger generation has a different sense of technology. They’ve grown up with technology, the internet, and they think once you click on something you should be able to get around easily and not really worry about anything,” Polis said. “They’re the ones who probably pose a bigger threat so we really focus on educating them extensively.”

He added that firms need to personalize the impact of cyber threats rather than talk about the harm to the business to really hammer in the importance of security.

MacKay Shields managing director and head of global information technology Anthony Vigilante, who moderated the panel, said millennials entering the workforce have grown up with smartphones that can be wiped if compromised, and they may no longer be very familiar with a desktop computer, which is difficult to protect from cyber threats.

But it is not just the younger generation that needs to undergo cybersecurity training. Polis said education should be at the core of information technology protection policies. The good news, he said, is that employees are more receptive.

“We’re not getting pushback anymore when we ask for devices to be upgraded for security,” Polis said.

Cybersecurity education also includes constant reminders about email security, other panel members said, particularly because phishing scams still continue today and are more targeted than ever before. Vulnerable individuals like the company’s chief financial officer should be taken aside and given additional training on how to know if they are being targeted in a scam. Everyone in the firm is encouraged to question every email received and if in doubt to contact the cybersecurity team immediately.

The work of monitoring extends to third-party service providers as well. BNY Mellon Investment Management chief security information officer Jeff Brown said it’s important to lay down expectations from third and fourth parties early.

“One of the key points with third-party services is that they may be a third party but it’s your risk,” Brown said. “There are going to be a lot of questions about your policies so we have to think about contracts right from the start, make sure expectations are legally outlined and make sure that we have a level of ongoing monitoring over our third and fourth parties.”

If service providers update a system and do not sufficiently inform the bank or fund, any issue may be hard to identify and when it comes out to the press, it is the financial institution that could be blamed, he added.