Millennials And Smartphone Apps: Your Security Nightmare - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile // Mobile Applications
11:01 AM
Connect Directly

Millennials And Smartphone Apps: Your Security Nightmare

Millennials' overall relaxed attitude towards security could be leaving your corporate data vulnerable to hackers.

6 Top Programming Languages For Mobile Development
6 Top Programming Languages For Mobile Development
(Click image for larger view and slideshow.)

By the year 2020, millennials will make up half of the US workforce. Executives have reason to be excited about the fresh ideas and enthusiasm they will bring to the table -- and wary of their relaxed approach to cyber-security.

Millennials live and work in an age where major data breaches are part of the daily news cycle. Despite this, 44% still believe the companies they do business with are keeping their personal data secure "all" or "most" of the time, according to Gallup research.

Their collective attitude towards mobile security is especially nonchalant, and over half (56%) of millennials download apps without reading permission details. This might seem like a trivial, even unnecessary step to a generation so accustomed to sharing personal data.

"Millennials live online," notes Caleb Barlow, vice president at IBM Security. "They're very used to sharing their information."

There are two major problems with this.

[iOS Mail App Vulnerable to Phishing Bug]

First, app stores are cybersecurity minefields. Most apps are dangerously open paths for hackers to access mobile data. Even though many apps request sensitive information, 40% of companies don't properly secure them. One third of apps are never tested for vulnerabilities.

Further, millennials have no idea how their information is being used. Most are unaware that their behavior is leaving both personal and corporate data vulnerable to hackers, making this generation "ripe for the picking," says Barlow.

Think about how much your phone knows about you -- from specific location and interests to contact lists and various account passwords. Each app holds different data, all of which can be combined to learn a lot about an individual. Millennials feel secure entering their data, so they are more likely to store information on their location, interests, and everyday activity on their mobile devices.

"They are laying down a set of bread crumbs about their lives that will likely never get deleted," Barlow explains.   

Certain apps are particularly problematic, he continues. There are plenty that ask for permissions they clearly don't need. A photo app may require camera access, but why does a navigation tool need to see a contacts list? Why does a simple game require the GPS?

"People have to realize that when a free app that requires a lot of information, they are the product being sold," Barlow cautions. In many cases, people are comfortable with this, but they need to understand that once that information is out there, they lose control over it.

(Image: Geralt via Pixabay)

(Image: Geralt via Pixabay)

This becomes especially concerning when millennials bring their vulnerable devices into the workplace.

"Millennials prioritize ease-of-use first, and they're very passionate about that," says Barlow. When they have an IT challenge, or feel the need to be more efficient or collaborative, millennials don't go to the tech department. They go to the app store for a new messaging service or a file-sharing app.

Businesses don't know the origins of these apps, nor do they have control over them. Millennials may use a file-sharing platform to share sensitive documents, which they can retain and continue to access after they leave the company.

Hearing this, the instinct for many CISOs is to ensure the availability of official corporate tools and blocking other app downloads. Most companies do this, says Barlow. It's common for executives to "bury their head[s] in the sand" while insisting that everyone should be using the corporate platform. Unfortunately, this is the wrong approach.

The goal for enterprises, says Barlow, should be to strike a balance between inspiring innovation and productivity among millennials while eliminating dangerous app downloads within the business.

Barlow proposes that organizations do this is by aggressively embracing new types of technologies and offering the types of collaboration and productivity apps that millennials expect to use. This way, at least the organization is aware they are using company-sanctioned platforms.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Mary E. Shacklett,  4/13/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll