
Online Shopping From The Workplace Advice From ISACA

ISACA : 10 November, 2010  (Technical Article)
The rapidly approaching holiday season brings online shopping perils to both employees and employers, as the workplace is increasingly being used as the base for shopping online.
According to a pan-European survey conducted among members of global association ISACA, nearly 40% of business and IT leaders believe that employees at their organisations will spend more time shopping online during the upcoming holiday season using work computers and mobile devices than they did a year ago, negatively impacting productivity and creating increased security risks. Sixty-three percent of respondents predict that employees will spend 3 hours or more shopping online during company time over the next two months and a quarter of respondents believe employees will shop for a total of more than a full work day—9 hours or more.

According to the European edition of Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Internet Safety Survey, the impact on a company's bottom line can be substantial, as 48% of business and IT leaders predict their organisations will lose over 700 Euros (US $1,000) per employee as a result of employees shopping online during work hours (this could cost 7 million Euros for an enterprise with 10,000 employees who shop online at work). Sixteen percent predict that the cost could be as high as 10,000 Euros (US $15,000) per employee.

Business and IT leaders from 30 European countries, including the UK, France, Germany, Italy and Spain, identified the following activities related to online shopping as high risk:

• Clicking on links in e-mail messages from unknown senders to access online shopping sites (42%)
• Accessing social networking sites for personal use from work-supplied computers or smart phones (32%)
• Using mobile shopping applications on work-supplied devices (30%)
• Downloading personal files, including music (56%)
• Losing a work-supplied computer or smart phone—ranked the biggest risk of all (68%)

"When workers use equipment provided by their employers for personal purposes, such as shopping online for holiday items, not only is productivity reduced, but computers are also exposed to malware, phishing and other attacks that potentially compromise data. It is surprising that 57% of organisations do not even try to restrict the use of work e-mail addresses for personal online shopping or other online non-work-related activities," said Paul Williams, chair of ISACA's Strategic Advisory Council and IT governance adviser to Protiviti.

But it is not all bad news. As the use of mobile devices such as smart phones, laptops, tablets and netbooks increases, many organisations are improving security, with 73% of European organisations now having a security policy that covers mobile devices and 48% regularly educating employees about securing their work-related and/or personal mobile devices for enterprise use.

European organisations are choosing to restrict online shopping using work-issued computers, rather than prohibiting it. The emphasis is on safe usage rather than an outright ban. According to respondents, 14% of their organisations limit personal use to non-working hours, such as before or after work or during lunch, and 31% prevent access to certain sites. Only 9% do not allow online shopping at all. However, nearly a quarter of organisations (24%) prohibit their employees from accessing social networking sites for personal use. Nine percent limit social networking sites to non-working hours, and 28% prevent access to certain sites.

The most frequently cited measures taken to limit or minimise the risks associated with personal use of a work computer were putting technology in place to protect against web-based attacks (79%), conducting training on the security policy (56%) and monitoring employee usage of the web (50%).

"The number of portable computers and mobile devices in the workplace is increasing, so companies need to create realistic security policies that let employees stay mobile without compromising the company's intellectual property. To balance productivity and security, the IT mantra should be embrace and educate," said Mark Lobel, CISA, CISM, CISSP, mobile security project leader with ISACA and a principal at PricewaterhouseCoopers.

ISACA's Tips for Safe Shopping From Work Computers or Mobile Devices

For employees/online shoppers:

• Do not click on an e-mail or web link that is from an unfamiliar sender or looks too good to be true.
• Be very careful with the company information on your notebook, tablet or smart phone (for example, use a privacy screen shield on mobile devices).
• Password-protect your mobile device and its memory card.
• Make sure that the security tools and processes protecting your work-supplied mobile devices are kept up to date. If unsure, ask IT.

For the IT department:

• Team up with human resources to adopt an "embrace and educate" approach. Promote awareness of the security policy.
• Encrypt data on devices.
• Use secure browsing technology.
• Take advantage of industry-leading practices and governance frameworks such as the Business Model for Information Security (BMIS).
