And that opens up a world of security issues, since IT might not even know all of the third-party tools that are used across the company, or the threats they may pose.
Organizations need to take digital transformation seriously to prevent this type of employee behavior, says Rogers. It's crucial to evaluate your current technology, to get a sense of what employees are looking for in work-related apps and services and then to find a way to deliver those tools without compromising security.
Your employees are the most engaged during the first six months at a new job, according to research from Gallup, but after the honeymoon stage, engagement swiftly drops off. It's important to instill a sense of cybersecurity awareness in your employees within their first few months on the job.
The longer you wait, the less likely they will be to fully comprehend the importance of enterprise security. The onboarding stage is a great time to layout your business' overall mission as well as any policies around BYOD, confidentiality and security.
You also want to make sure that employees value the company's data and assets -- it's naïve to expect that they'll show up on their first day completely comprehending the value of corporate data and resources.
Rather, Rogers says you need to encourage a sense of ownership in employees -- especially new hires -- so that they feel just as eager to protect those assets as someone more senior.
"If an employee is interacting with a critical database containing personal information of customers, he or she should be well-versed in the potential ramifications both in terms of ruin and regulation that the exposure of that data could have. Once a user understands the criticality of the assets they are working with, he or she are generally more cautious within how they use it," he says.
One way to ensure your employees actually retain the information they're taught in training is to make it entertaining and interesting.
Wagner says to avoid "long, comprehensive courses," noting that these can make your employees feel tired, drained and worn out. Instead, he suggests rolling out security training sessions in "bite-size chunks," so employees remain engaged. And regular internal testing can help ensure employees are still up to date on security.
Don't make assumptions
Just because your millennial hires are considered "digital natives," it doesn't mean you should automatically assume they're also tech-savvy.
A study from Raytheon and the National Cyber Security Alliance found that, for the most part, millennials are overconfident in their cybersecurity skills. Results showed that 66 percent of respondents had connected to a password-free public Wi-Fi within the last month, the same percentage also admitted to not updating their operating system or browser; 23 percent said they shared a password with a non-family member within the last year and 20 percent had never changed their online banking password.
Sign up for MIS Asia eNewsletters.