Survey: Despite Risks, Employees Still Holiday Shop at Work

Most workers will do some kind of online shopping from their work computer in the coming weeks, according to a recent survey from ISACA, a global, nonprofit association of IT professionals. But while worker attempts to check off a holiday shopping list may pose security risks for the businesses which employee them, most organization still don’t have an effective plan to stop the behavior — or to educate people about the risks.

The research, titled “Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety,” suggests four out of 10 Americans ages 18-24 will spend up to five hours shopping online using their work computer this holiday season. The same age group is the least worried about the vulnerability of their work computers, according to ISACA.

Holiday shopping online has been steadily growing in recent years. Online retail sales are predicted to grow another 12 percent this season, according to Forrester research. And while many shoppers still prefer bricks and mortar and head to the mall the day after Thanksgiving, the Monday following Thanksgiving weekend is now known as ‘Cyber Monday,’ because it has become so common for workers to begin their holiday shopping when they return to work and can use an office computer.

What are the implications? Shopping online can create a myriad of problems for a business network, including an increased risk of spam, viruses and phishing attacks in the workplace, said ISACA officials.

The survey looked at the how much time employees will spend in November and December shopping online from work and found 63 percent of people in all age groups plan to shop online during the holiday season from their workplace computers. Those aged 18-24, known by many as Millennials, were the most likely to shop at work, the poll found. Older Americans are less likely to shop from work.

While shopping online for holiday purchases has steadily increased, the research suggests employees still don’t understand the risk involved. Other findings in the survey:

-More than two in 10 (22 percent) of respondents have clicked on an e-mail link to go to a retailer’s web site from their workplace computer and used their company e-mail address as the contact for a purchase.

-One in four (26 percent) respondents either does not check or is unsure how to check the security of a web site before making a purchase.

“This survey clearly shows that younger employees are more likely to engage in online activities at work that put a business’s IT infrastructure at risk,” said Kent Anderson of ISACA’s Security Management Committee, in a statement. “The fact that Millennials are planning to spend the equivalent of more than half a work day doing holiday shopping from their work computer, combined with their lack of concern for how secure their computer is, points to an urgent need for employee education.”

ISACA also polled over 3,000 IT professionals and found nearly half believe their company is losing an average of $3,000 or more in productivity per employee from online holiday shopping at work. Despite the concern, 55 percent said their company permits workers to shop online but has no strategy for educating them about the risks.