Those who plan to sneak in a couple hours here, a couple hours there to do some holiday shopping
while at work can, perhaps, take comfort in the fact that they're not alone.
Not even close.
employees, on average, plan (plan!) to spend nearly two full working
days — 14.4 hours — shopping online while at work. One in 10, in fact,
plans to spend a whopping 30-pus hours shopping online from work.
an association of IT professionals, conducted two surveys, one of 1,210
U.S. consumers and the other of 1,513 IT professionals in nine
countries. There was a huge disconnect between what the employees
planned and the IT folks predicted - fully 48 percent of the latter
were estimating employees would spend fewer than nine hours on average
shopping from work computers. Of course, the fact that the IT
professionals came from several nations could mean the disconnect isn't
as large as it seems at first glance, as U.S. consumers may be more
likely to shop online from work and were the only ones in the consumer
(34 percent of those surveyed) and boredom (23 percent) were the
biggest reasons given for shopping while at work. While only half the
employees who were surveyed planned to shop online, those workers also
were more likely to "engage in other high-risk behaviors" even outside
the holiday season. They bank online (51 percent), click on e-mail
links to shopping sites (40 percent) and from social networking sites
(15 percent), but one in five of those who conduct all these online
financial transactions doesn't think about the affect it might have on
the company's security
ISACA seems to have a realistic view of the situation, however, and
isn't encouraging employers to try to ban their employees from shopping
while at work. Said Robert Stroud, international vice president of
"Companies should educate employees about the risks and remind them of
security policies. This is especially important now, when the
convenience of shopping online is appealing to employees whose workloads
may have doubled because of downsizing."
(Except, perhaps, those employees who are shopping out of boredom?)
The IT professionals surveyed estimated that their companies would lose
about $15,000 (U.S.) in employee productivity due to the holiday
shopping. But the surveys also pointed out that many employees are
using their own mobile devices to conduct business from, whether via
e-mail or phone calls, as well as using work-issued mobile devices to
conduct personal business. Both can raise issues about the security of
the company's IT infrastructure.
The ISACA offers these tips for online to keep things more secure:
- Use your desktop PC, not your mobile device, to shop, because your desktop browser is likely to be more secure.
- Protect sensitive information, like credit card numbers, by password-protecting both your mobile device and its memory card.
- Make sure you update your anti-virus and anti-malware programs continually.
social networking sites with the same caution as other web sites—social
sites are a growing target for fraudsters and virus writers.
cautious of special offers. If it looks too good to be true, it
probably is. Fake online offers and coupons may lead to harmful sites,
so be suspicious.
And these tips for IT professionals at the companies where employees are shopping online:
- Educate employees. Blocking sites can do more harm than good,
causing employees to seek out less secure ways to get around your
blockade. Education works better.
- Get employees on board with learning by teaching them how to protect both their work computers and their home computers.
- Reinforce what you teach by having employees sign an acceptable-use policy every year.
- Offer a “safe zone” for holiday shopping—create an online sandbox that can be taken down after the holidays.
- Don’t wait until Cyber Monday to step up security. Think of “Cyber
Season” as the time from September to January and be extra-diligent
throughout that time.
More information about the survey can be found here