In the third and final part of our interview series with Kelley Misata, we discuss millennials and their views on cybersecurity and risk communications, among other topics. Misata, a Ph.D. candidate at Purdue University, previously chatted with Security Intelligence about issues relating to privacy and risk communications as well as information security in the first and second installments.
Question: At Emerson College, you’re teaching students about surveillance, privacy and risk communications. Do you think there are fundamental differences between how Gen Xers and millennials view privacy and cybersecurity? How will that impact the security landscape in the next decade?
Answer: My time teaching at Emerson has been amazing, and I’ve been very fortunate to have students in my classes who are engaged and curious about these topics. There are some differences between how Gen Xers and millennials view privacy and cybersecurity that are very different from those of us who remember life before the Internet and smartphones.
Actually I would have to say there is a chasm more than just differences. Their lives are out there 200 percent online and in ways that many of them never give a second thought to because they haven’t had a need to think about it. Even with the news about widespread surveillance in our country, many of these students saw that as something that didn’t relate to their daily lives. Until we discussed it.
One exercise I had them do was, in one 24-hour period, count how many surveillance tools and technologies they came across; it was interesting to see them focus on the cameras they see around them but never considering the tracking being done online through online browsing, GPS locations, postings, etc. What was also interesting, and how I feel this is going to impact the future of the security landscape, is that often people just see things from one side. The beauty of conversations and learning is to help people see even controversial and scary things from two sides.
My students and I walked through several examples of how surveillance is used for the power of good as well as the power of evil. We discussed how technology is morally neutral, and at the end of the day, its impacts are about the people using it, about the people we trust with our information and about how we are showing up in the online space. If we persist in encouraging users to have narrow and somewhat naive views of cybersecurity, then how can things move forward in a positive direction?
Any advice on what companies can do now to leverage and improve their privacy and risk communications practices from the lessons you’ve learned working with crisis centers and crisis management?
First, I encourage organizations to break down the silos between IT groups, security groups, marketing, communications, human resources and others. Though no one should expect to be an expert in all the fields, broadening the view and helping to drive more interdisciplinary conversations is essential in any environment. Everyone has something to bring to these conversations.
Second, though I know it’s frustrating for IT and security professionals to discuss technical concepts at an elementary level, bring in people like me who don’t mind doing that. We have to help more people understand how important security and privacy is today and into the future. Last, there are some exciting new approaches to crisis communications and management. The more we live in the digital realm, the more challenging this gets, but it’s not impossible to manage if you prepare.
I suppose the big message here is let’s not wait for something bad to happen to prepare. I learned a long time ago that you never know what is lurking out there, but thinking about it every day will drive you crazy. So we don’t have to sit in the land of paranoia every day, but raising the level of understanding and awareness in any organization can have huge payoffs.