Cybersecurity knowledge among Gen Z, the current generation of young people that are entering the workplace, is relatively low, yet they are the most tech-savvy.
A spot-check shows they are aware of cybersecurity knowledge but are not necessarily applying it, unless on personal gadgets.
Bonface Elvis, 23, says that he just has a basic knowledge of cybersecurity issues, but only applies it when it comes to his smartphone.
“Yes, I have basic knowledge about cybersecurity issues. However, when it comes to my company’s equipment like computers, I am not very keen,” he says, adding that his phone is his everything.
“I care so much about the information on my phone. I will guard it at all costs. Every Application (app) on my phone has a password. You cannot access my phone easily,” he adds.
Caroline Awino, who works in one of the reputable companies, also notes that she always assumes that her employer has put in place measures to protect their equipment like computers.
“Truth is that I don’t care much about the company’s properties such as computers. My attention is more on my phone and laptop. I use different passwords,” she says.
She adds that she has several e-mails which she uses for different purposes.
“I am well conversant with cybersecurity. I cannot be easily targeted by cybercriminals. I can identify phishing emails,” she adds.
Wilfred Mwamba, 25, also does not care about protecting the company’s equipment because of job insecurity.
“Why should I care so much yet I might be fired the next day? It’s my phone that matters most to me. This is where I invest by downloading Applications that will flag off or immediately block any attempted cybercriminal activity,” he says.
Cybersecurity has become a pain for many Kenyan companies. Yet, according to Anthony Muiyuro, a partner, risk advisory, and cybersecurity leader at Deloitte East AFRICA, there is a general laxity on matters of cybersecurity among the public.
“Employees, for instance, bear in mind that they have no liability nor responsibility over the business and liability lies with the employer. This makes them more relaxed in their strictness on protection against cybersecurity matters,” he says.
He adds that laxity has seen many organisations fall victim to cyberattacks emanating from employees.
“Recently there has been a sharp rise in ransomware attacks and targeted and organised cyber-attacks. It has been found that the main entry point for these attacks is the people who have access to the systems or networks.
Due to lack or insufficient knowledge on cyber threats, they open up malicious e-mails, or plug external devices either willingly or unintentionally causing harm to the organisation,” he says.
An employer must empower the employees and show them that they are also responsible as cybersecurity matters are not only for departments and organisations but also for individuals.
“This is where employee awareness and training come in. It should be made frequent to embed it as a culture that the employees find in the organisation,” he adds.
While a recent EY Human Risk study shows younger employees are less concerned about cybersecurity on work devices than on personal ones, statistics from Kaspersky mobile quest [Dis]connected reveal another issue regarding corporate cybersecurity.
The researchers from Ernst & Young LLP noticed that Gen Z and millennials are more eager to disregard security protocols for the sake of productivity.
Thus, they use the same passwords for both professional and work accounts more often than older generations, ignore mandatory IT updates and pay less attention to web browser cookies.
