Survey: Employees Will Shop Less Online But Take Bigger Risks During Holiday Season

Employees in the United States plan to spend less time shopping online from a work-supplied computer this holiday season than they did a year ago, but more of them are engaging in risky online behavior, according to the third annual “Shopping on the Job: ISACA’s Online Holiday Shopping and Workplace Internet Safety Survey.”

Employees are expecting to spend an average of 6 hours shopping from a work computer or mobile device this holiday season vs. 14 hours in 2009, with 20 percent planning to spend 9 hours or more. But, there is an increase this year in the number of employees who take risky actions online, such as clicking on an e-mail link or providing their work e-mail address when shopping online, and 42 percent report accessing social network sites from their work-supplied computer or mobile device.

“Employees who shop online reduce productivity -- especially from Black Friday through mid-December, when 71 percent of them make their holiday purchases -- and open the door to social engineering and phishing attacks, malware, and information breaches that can cost companies millions and inflict severe damage to their reputation,” said John Pironti, CISA, CISM, CGEIT, CRISC, security advisor with ISACA and president of IP Architects, LLC.

This year’s survey also found that almost half (47 percent) of those who will shop online with company devices will do so using a portable device, such as a notebook computer, tablet or smart phone. This increases a company’s security risk because these devices are often used on wireless networks outside of a protected corporate network. They also are more easily lost or stolen, and contain corporate data that are typically not encrypted.

“The number of portable computers and mobile devices in the workplace is increasing, so companies need to create realistic security policies that let employees stay mobile without compromising the company’s intellectual property. To balance productivity and security, the IT mantra should be embrace and educate,” said Mark Lobel, CISA, CISM, mobile security project leader with ISACA and a principal at PricewaterhouseCoopers.

Employees say the top three reasons for shopping online at work are that it is a convenient use of lunch/break time (38 percent), they are working long hours and don’t have time to shop from home (17 percent) and they are bored at work (11 percent).

Security is not a major worry for survey participants, with only 3 percent citing “better security” as a reason for shopping using a work computer. Under two-thirds do not use secure browsing technology on work-supplied devices. Forty-one percent assume their IT department updates their security patches.

This attitude is especially common among digital natives, who have grown up with the Internet. Young adults (ages 18-34) in the survey are the most likely to shop online using work-supplied computers or mobile devices and are more inclined to use their personal computers for business.

“Digital natives are comfortable with blurring the lines between work and play, which poses new challenges for their employers,” noted Robert Stroud, CGEIT, international vice president of ISACA and service management and governance evangelist at CA Technologies. “This generation is happy to use their own computer at work or use a work-supplied smart phone for shopping or social networking, so they need a new kind of IT security policy that balances access and control.”

A separate global survey of 837 U.S. business and information technology (IT) professionals who are members of ISACA, conducted during the same time period, shows that two-thirds of respondents believe their organization loses $1,000 or more per employee as a result of an employee shopping online during work hours in November and December. Approximately one-third put the number at $15,000 or higher.

For mobile devices, an overwhelming majority (85 percent) ranked the risk of using a mobile shopping app on a work-supplied device as high or moderate. Despite that, 43 percent allow employees to use work-supplied mobile devices for personal use and 45 percent let employees use their own mobile devices for work.

Featured

  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

Webinars

New Products

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3