According to research commissioned in September 2006 by consultant Marc Prensky, the typical 21-year old graduate entering the workplace has about 5,000 hours of game play experience, has exchanged 250,000 e-mails and instant messages, has spent 10,000 hours on their mobile phone and put in 3,500 hours surfing the internet.
Employers around the UK are now facing the challenge of having to appeal to these budding young professionals who, unlike previous generations, have grown up using technology in everyday life.
The iPod generation will expect a certain degree of leniency when it comes to using technology for leisure pursuits while at work. So how can employers ensure that a harmonious co-existence between productivity and leisure time is found, so as not to destabilise employee morale?
By implementing information security practices that are geared towards enabling rather than restricting, businesses can entice and retain high calibre candidates, while still ensuring productivity and business continuity.
A report in the Times Higher Education Supplement in late 2005 suggested that undergraduate university applications were down 5% compared with that of the previous year, fuelling speculation of a skills shortfall in 10 years' time. With this in mind, graduates now have the upper hand when applying for jobs and when ultimately coming to accept a position.
Figures from Prospect Careers, an advisory service for postgraduates, suggest that graduates are taking longer to find the "perfect job", with almost 30% taking up to six months to pick and choose that all-important first career step.
No longer is it enough to simply offer prospective employees the traditional benefits, such as contributed pension schemes, gym memberships, social events, bonuses and flexi-time instead, these are almost a standard expectancy of graduates entering the workplace.
Today's 21st century worker demands more from their employer for example, the almost unequivocal and unwritten right to send personal e-mails and instant messages during work time, and the right to listen to music on an MP3 player at work, all with the aim of breaking the flow of the day.
Paul Wakeman, founder of Total Recruitment Group, said, "This is a trend we have noticed for a while, especially with high-end graduates leaving the top UK universities. By the time they have finished their course, they are savvy enough to realise their business potential and value.
"We are finding that candidates today are far more selective about which position they ultimately go for, and the corporate culture is very much a persuasive factor when coming to make a decision."
Some businesses have marketed themselves specifically to appeal to this new generation of professionals, with some offering "duvet days" as an added incentive. In fact, one UK employer hands new starters an iPod Nano that has the company handbook pre-loaded as a Podcast on the device.
So how can HR and IT departments work together to ensure that the organisation remains attractive, while ensuring that corporate security is in no way compromised?
Developing acceptable use policies is the first and most important step when considering the restrictions to enforce on employees' use of technology in the workplace. The policy should be fleshed out and driven by the HR and IT departments, and must set clear boundaries for using technology within the workplace.
The IT department, however, plays a pivotal role in how an acceptable use policy is not only enforced, but how it can impact the working ethos of each individual member of staff. Once a rigid policy is finalised, the underpinning security technology should ease the headache for IT security managers who are left to enforce and supervise these policies.
The current generation of graduates are perhaps more gadget savvy than any other generation of technophiles, whether it be music players, USB sticks or digital cameras. As these devices are personal in nature, the likelihood of them being used in the enterprise is a certainty that many businesses are ignoring, mostly because they represent an enormous management headache for IT security managers.
Equally, staff opening viral attachments, downloading files and visiting non-work-related websites that introduce malware pose a huge risk. Often, businesses will negate such risks by enforcing a strict policy of no removable media within the enterprise.
Technologies such as whitelisting, however, can provide a solution to the security concerns associated with enabling the modern worker. The whitelist approach provides businesses with an opportunity to use USB devices as a legitimate business tool.
Employers can use whitelisting to either deny removable media from plugging into the network or to restrict its use to certain times of the day. Equally, downloaded unauthorised applications (including malware) will be denied the ability to launch and install, as the whitelist does not recognise the file as being on the list of applications allowed to run on a PC.
The way the market is currently directed, USB sticks will eventually become as ubiquitous within the enterprise as mobile phones. In fact, now that 64Gbyte removable media are available, the options are virtually endless.
Staff could in the near future be given a USB stick which has all the required applications pre-loaded and configured to connect to back-end business applications once the device is plugged into a PC or thin client on the network.
This device could also be used by staff as a remote token that opens doors and contains credit for staff to purchase drinks at the vending machine. The possibilities are endless, and need not be a security nightmare.
Considering the competitive recruitment landscape, UK businesses need to differentiate themselves from competitors and promote themselves as modern, cutting-edge organisations that embrace new technology, rather than fear the unknown.
A clearly defined acceptable use policy, combined with whitelist technology, provides a compelling argument for businesses to change their work ethos and improve corporate competitiveness without jeopardising IT security.
Dennis Szerszen is vice-president of business development at security software provider SecureWave
Comment on this article: firstname.lastname@example.org
This was first published in January 2007