Not even close.
Apparently, employees, on average, plan (plan!) to spend nearly two full working days — 14.4 hours — shopping online while at work. One in 10, in fact, plans to spend a whopping 30-pus hours shopping online from work.
ISACA, an association of IT professionals, conducted two surveys, one of 1,210 U.S. consumers and the other of 1,513 IT professionals in nine countries. There was a huge disconnect between what the employees planned and the IT folks predicted - fully 48 percent of the latter were estimating employees would spend fewer than nine hours on average shopping from work computers. Of course, the fact that the IT professionals came from several nations could mean the disconnect isn't as large as it seems at first glance, as U.S. consumers may be more likely to shop online from work and were the only ones in the consumer survey.
Convenience (34 percent of those surveyed) and boredom (23 percent) were the biggest reasons given for shopping while at work. While only half the employees who were surveyed planned to shop online, those workers also were more likely to "engage in other high-risk behaviors" even outside the holiday season. They bank online (51 percent), click on e-mail links to shopping sites (40 percent) and from social networking sites (15 percent), but one in five of those who conduct all these online financial transactions doesn't think about the affect it might have on the company's security infrastructure.
The ISACA seems to have a realistic view of the situation, however, and isn't encouraging employers to try to ban their employees from shopping while at work. Said Robert Stroud, international vice president of ISACA:
"Companies should educate employees about the risks and remind them of
security policies. This is especially important now, when the
convenience of shopping online is appealing to employees whose workloads
may have doubled because of downsizing."
(Except, perhaps, those employees who are shopping out of boredom?)
The IT professionals surveyed estimated that their companies would lose about $15,000 (U.S.) in employee productivity due to the holiday shopping. But the surveys also pointed out that many employees are using their own mobile devices to conduct business from, whether via e-mail or phone calls, as well as using work-issued mobile devices to conduct personal business. Both can raise issues about the security of the company's IT infrastructure.
The ISACA offers these tips for online to keep things more secure:
- Use your desktop PC, not your mobile device, to shop, because your desktop browser is likely to be more secure.
- Protect sensitive information, like credit card numbers, by password-protecting both your mobile device and its memory card.
- Make sure you update your anti-virus and anti-malware programs continually.
- Treat social networking sites with the same caution as other web sites—social sites are a growing target for fraudsters and virus writers.
- Be cautious of special offers. If it looks too good to be true, it probably is. Fake online offers and coupons may lead to harmful sites, so be suspicious.
- Educate employees. Blocking sites can do more harm than good, causing employees to seek out less secure ways to get around your blockade. Education works better.
- Get employees on board with learning by teaching them how to protect both their work computers and their home computers.
- Reinforce what you teach by having employees sign an acceptable-use policy every year.
- Offer a “safe zone” for holiday shopping—create an online sandbox that can be taken down after the holidays.
- Don’t wait until Cyber Monday to step up security. Think of “Cyber Season” as the time from September to January and be extra-diligent throughout that time.