Gen Z and Millenials are more concerned about cyber attacks – 5 tips to keep you safe

A zoomed-in image of a hand typing on a laptop. The laptop is bathed in red and blue light
(Image credit: Getty Images)

Millennials and Gen Z are the generations most concerned about the organizations they work for being the victim of a cyber attack. They're also worried about leaving their organizations vulnerable to cyber attacks, as well as feeling less prepared to deal with said cyber attacks.

This research comes from Ernst & Young LLP (EY US), which found that overall 53% of US employees worry their organization will be the target of a cyber attack. Just over a third (34%) are concerned they may be the ones leaving their organization vulnerable due to their actions. 

When it comes to Millennials and Gen Z, 58% and 64% of these generations respectively are worried that they will lose their jobs if they leave their organization vulnerable to a cyber attack.

This panic only works to make people less cyber secure, as it can lead to cyberattacks going unreported when they do happen, for fear of the repercussions. With 68% of cyber attacks including a non-malicious human element, e.g. clicking on a link in a phishing email, this fear is definitely best nipped in the bud.

So, to raise your cyber-confidence and put you in a better position to respond to cyber attacks, I have put together 5 steps you can take to make you (and by extension, your company) more cyber secure.

1. Recognize phishing attempts

A person sat at a computer blocking a spam email

(Image credit: Getty Images)

Phishing is a cyber attack technique that involves hackers putting out "bait" in the form of an email and hoping you'll take it, either by clicking on a link, downloading a file, or otherwise helping them reach their goal. 

There are multiple different forms of phishing, for example smishing which is sent via text, vishing which is via a phone call, and quishing where hackers send you QR codes in an attempt to get you to scan them.

These attacks are a form of social engineering, meaning hackers employ psychological tactics to try and force you into behaving the way they want to.

Understanding what to do if you get a suspicious text, email or even phone call is crucial for stopping phishing attacks. However, with EY US' research finding that just 31% of Gen Z employees feel "very confident" in their ability to identify phishing attempts, along with 51% of Millennials, it's clear that companies could be doing more to help out their employees.

Luckily, there are a few handy hints you can use to identify and prevent phishing attacks.

  • Don't immediately act: phishing attacks often employ language meant to inspire panic or a sense of urgency in the recipient. Even if you receive an email that claims that you must click on a link, download a file, or transfer funds, it's important to take a moment and consider whether the message is legitimate. 
  • Read the message carefully: is it pushing you to do something urgently? Does it seem different from other emails you've received from this person? Are there grammatical mistakes or spelling errors? Are you being asked to do something you wouldn't normally do, e.g. randomly resetting your password, buying gift cards, or attempting to move funds? All of these are clues that this is a phishing scam rather than a regular message. 
  • Check the sender: hackers may pose as your manager, IT department, or even CEO in an attempt to coerce you into helping them. While their display name may be the same, their email won't be. Hover over the contact and check it against the details you have for them. If you're still unsure, reach out to them directly. They'll be able to confirm whether or not it is legitimate. 
  • Check the link: if you have been urged to click on something, hovering over the link sent to you may reveal that it is dodgy. Of course, hackers can and do create very similar web pages to get you to believe that they're legitimate, so it can be hard to discern legitimate sites from not.
  • Report the phishing attempt: when hackers are attempting to gain access to an organization, likely, they may not just be targeting you. By reporting the attempted cyber attack, you'll be keeping your company safe by warning others of what to look out for. 

By using these techniques, you'll be protecting both yourself and your company. Plus, they can be used against day-to-day phishing attempts, making sure you're less likely to get scammed

2. Set up multi-factor authentication

Cropped hand of woman using mobile device with Two-Factor Authentication (2FA) security while logging in securely to her laptop

(Image credit: Getty Images)

Multi-factor authentication (MFA) can prevent cyber attacks as it requires you to confirm your identity via a code that is either texted to you, sent via email, or received via an authentication app. 

Not only does it mean that it is confirmed that you are logging in thanks to the code, it will also alert your company to the fact someone else is trying to gain unauthorized access to an account if you suddenly get MFA codes you didn't request.

The importance of MFA cannot be understated. For example, health tech giant Change Healthcare recently suffered a cyber attack that took its sites offline. A key aspect of the cyber attack was the fact that the Citrix profile used by the hackers to gain access to Change Healthcare's network did not have MFA turned on. 

It's not to say that the hackers wouldn't have been able to carry out the cyber attack if MFA was active, but it could have alerted Change Healthcare to the fact its network was in danger a whole lot sooner.

3. Use strong passwords

A zoomed-in picture of a password entry screen. A password has been entered but is concealed

(Image credit: Getty Images)

If you use a weak password for your work accounts, you are not alone. Research has found that 37% of people have "risky" workplace security habits, with almost two in five (39%) people admitting they use weak login credentials.

Passwords are the first line of defense against unauthorized access to your network. Using weak passwords may make them easier to remember, but they undoubtedly make you less cybersecure.

If you struggle to remember secure passwords, it's a good idea to use a password manager. Most browsers and even phones come with a built-in password manager that can generate secure passwords, so you don't have to come up with something yourself.

Some countries, such as the UK, are even making weak default passwords illegal. This may eventually extend further to protect people from using unsafe passwords in their workplaces.

4. Use a VPN

A man sat at a computer with a VPN displayed on the screen

(Image credit: Getty Images)

A virtual private network (VPN) is a piece of software that encrypts your computer's connection. This means your browsing data, IP address, and location, among other personal information, is kept private.

VPNs are particularly useful if you are a hybrid or remote worker, as it keeps your connection to both the internet and your company's network safe and private. This is doubly important if you use public Wi-Fi when you work. 

Public Wi-Fi can allow others on the network, or those running the network, to access your data via the internet connection. By using a VPN, you block anyone snooping from seeing what you're doing.

VPNs also prevent data theft by adding an extra layer of security when sharing or sending any data between users or servers. This layer of encryption helps keep prying eyes away from your device and the data stored on it, as well as any data stored on your company's network.

If you're unsure of which VPN to use, check out our recommendations for the best VPNs as we break down thousands of hours of testing into clear and simple results.

Try NordVPN, the best VPN around, free for 30 days30-day money-back guarantee
Get 3 months free

Try NordVPN, the best VPN around, free for 30 days
NordVPN tops my list as the best VPN on the market because its apps are so fast and reliable. You can stream your favorite shows from around the world with one of the fastest VPNs around, and all with a 30-day money-back guarantee. Simply get your cash back before the time is up for a month of free protection.

5. Install software updates regularly

A laptop with a yellow sticky note stuck to the screen with 'Time to update' written on it

(Image credit: Getty Images)

I get it, software popups can be a pain and sometimes it's infinitely easier to press "restart later", especially when you're in the middle of something. In terms of cyber security, though, these updates are vital in keeping your network safe.

The consequences of not installing software updates and patches really cannot be overstated. One of the most infamous ransomware worms, WannaCry, was particularly devastating to the UK's National Health Service (NHS) simply because their computers—which were vital to hospital operations—were running on outdated software and had not installed a Windows security update. 

The WannaCry ransomware worm ransomware note, telling the user that their computer is infected, their files are encrypted and to gain access to their files they must pay a ransom

(Image credit: So5146, Wikimedia Commons)

It has been speculated that up to 70,000 devices—not just computers but MRI machines, theater equipment, and blood storage refrigerators—were impacted by the cyber attack.

A ransomware worm is a particularly nasty piece of software that can self-replicate, meaning once it is on a network it can quickly (and devastatingly) spread across an entire network. All in all, WannaCry impacted more than 300,000 computers across 150 countries, and the financial impact of the attack was estimated anywhere from hundreds of millions of dollars to $4 billion.

So, next time you get an update, consider it a network-enforced break, save your work, and then set your computer to update while you grab a cup of coffee. By the time you come back, the update will be installed, you'll be refreshed and your company will be safer.

Olivia Powell
Tech Software Commissioning Editor

Olivia joined Tom's Guide in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across TechRadar Pro, TechRadar and Tom’s Guide. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.