Gen Z and Millennials: Upgrade Your Cyber Hygiene

International Youth Day (August 12) celebrates the digital impact of young people. But being always connected also widens the attack surface. Research consistently shows Gen Z and Millennials are online more, juggle more accounts, and too often take shortcuts on safety—raising the risk of compromise.

Why digital natives are vulnerable

• More time online, more accounts: 65% of Gen Z and 64% of Millennials say they are always connected; many hold 10+ online accounts (National Cybersecurity Alliance, NCSA).
• Risky habits: 46% of employed Gen Z have shared sensitive work info with AI without employer approval (vs 38% overall).
• Weak basics: Only 58% of Gen Z use unique passwords most of the time (vs 71% of Boomers), and just 56% use MFA (vs 70–71% of Gen X/Boomers).
• Slow updates: Only 44% install updates very often or always.
• Security deprioritized: 68% of Gen Z say they prioritize online security (vs 89–91% of older cohorts).
• Policy friction: Nearly half of 18-24s view security tools as a hindrance, and 31% have tried to bypass policies to get work done (HP research).

The fallout
Younger users are more likely to fall for phishing and online dating scams and to lose money or data compared with older groups. Financial crime also skews young: the UK’s National Crime Agency reports 60% of money mules are under 30. Contributing factors include impatience, overconfidence, inexperience, FOMO, and financial pressure.

Top threats facing young people

• Sextortion: Offenders trick victims into sharing explicit content, then extort more images or money. AI nudifying tools can fabricate images for leverage. Email-based sextortion scams also claim to have compromising footage via malware.
• Account takeover: Social, gaming, and other accounts are prime targets for brute force and credential stuffing—especially when passwords are weak or reused and MFA is missing.
• Online scams: Social ads and messages drive investment and giveaway scams that steal data and crypto. Deepfake celebrity endorsements and hacked friend accounts increase credibility and urgency. Phishing emails and texts remain common entry points.
• Malicious downloads: Apps, games, and pirated content from third-party stores and forums are frequently laced with malware (stealers, spyware, adware). Example: a GitHub repo targeting Hamster Kombat players spread Lumma Stealer (ESET Threat Report H2 2024).

How to level up your cyber game

• Stick to official app stores and avoid pirated content to reduce malware risk.
• Vet apps before installing: read reviews and check the developer’s track record.
• Update everything: keep operating systems, apps, and device firmware current.
• Use trusted security software on all devices to block malware and dangerous downloads.
• Treat unexpected messages with caution: avoid clicking links and attachments; verify through a known, separate contact method. Inspect sender domains carefully.
• Be skeptical of social media ads and influencer endorsements; assume deepfakes and hacked accounts are possible. When in doubt, do not click.
• Lock down privacy: review social settings, limit oversharing, and avoid clues that could reset your accounts or train deepfake/nudifying tools.
• Strengthen authentication: use long, unique passwords stored in a password manager and enable MFA everywhere (prefer authenticator apps or security keys).
• Remember the rule of too-good-to-be-true: pause, verify, and walk away if pressured.

For parents and mentors
Model good habits, share knowledge, and communicate risk with empathy. Listening first and avoiding lectures makes safety guidance far more likely to stick.

Young people drive digital innovation. With a few smart habits, they can lead on cybersecurity, too.

Source: WeLiveSecurity