It’s that time of year again, only this year it’s bigger than ever. Online shopping at work is up this year, with bigger and better bargains than ever before. So what’s security’s role?
The numbers are apparently in, and Cyber Monday is getting bigger. USA Today reported that Cyber Monday really clicks with consumers Here’s are excerpts:
… traffic to many of the largest shopping websites soared 37% over last year's so-called Cyber Monday, … More than 70% of retailers surveyed by BizRate Research planned to offer Cyber Monday promotions this year, up from 43% last year…. CompUSA says online orders Monday, from 9 a.m to 2 p.m. CT, were up 48% from the same time frame a year ago….
Other news reports made even bolder claims such as CyberMonday.com Traffic Triples:
- 72 million consumers will shop online this year on Cyber Monday. Source: BIGresearch for Shop.org
- More than half (54.5%) of office workers with Internet access, or 68.5 million people, will shop for holiday gifts from work this year, up substantially from 50.7 percent in 2006 and 44.7 percent in 2005. Source: BIGresearch for Shop.org
- Men are more likely to shop from work than women (57.3% vs. 51.7%) and young adults 18-24 years old are more likely to shop there than any other age group (72.9%). Source: BIGresearch for Shop.org
I know this issue is getting big when my wife even asks me, “What’s up with this Cyber Monday thing?” In fact, many article point out that Cyber Monday is actually a marketing ploy and other shopping days leading up to Christmas are even bigger. See: Cyber Monday: Myth and Reality
Government Technology Magazine asked What is Grinch.exe and What Should Organizations Do about It?
Their article warns of the dangers of too much surfing by staff and offers fairly simplistic recommendations:
1) Define an appropriate application control policy
2) Monitor your PCs
3) Understand where the vulnerable applications are in your network.
4) Be aware of new vulnerabilities
5) Stop unwanted software before it executes
I find it interesting that one of Government Technology’s next articles reports: Eighty-Five Percent of Public Lack Confidence in Local Government's Computer Security, Survey Reveals
So my question to readers is what is your organization doing about this trend, besides issuing policies?
In Michigan, we send reminder e-mails to staff reminding them regarding holiday e-cards and shopping online hazards. We also monitor the traffic and behaviors of our employees.
We try our best to do each of the things recommended by the Center for Digital Government – with many controls in place, but we're certainly not perfect.
Can you share any experiences?