Annual survey from ISACA finds productivity losses, information security risks are at stake when employees use work devices for shopping Despite a lagging economy, many workers will shop online while at work this coming holiday season, according to a survey conducted on behalf of ISACA, a nonprofit association of information technology (IT) professionals. The second annual “Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety” survey found that fully half of those surveyed plan to use their company’s computer to shop, putting a strain on employers’ systems and potentially compromising an organizations sensitive information and security. Among those polled, the mean amount of time employees planned to spend shopping online was14.4 hours, nearly two full working days. One in 10 plans to spend at least 30 hours shopping online at work. Most planned to do their shopping in early to mid-December.“The potential danger of shopping online is that it can open the door to viruses, spam and phishing attacks that invade the workplace and cost enterprises thousands per employee in lost productivity and potentially millions in destruction or compromise of corporate data,” ISACA officials said in a statement on the findings (Read last year’s report here). ISACA also noted that employees who shop online using a work computer are also likely to engage in other high-risk behaviors. Survey participants also bank online (51 percent), click on e-mail links redirecting them to shopping sites (40 percent) and click on links from social network sites (15 percent). Yet nearly one in five says they are not concerned that their online shopping habits may affect the safety of their organization’s IT infrastructure (See what CSO blogger Dan Lohrmann has to say about Cyber Monday). The survey also found that more than one in 10 Americans who use a mobile work device such as a BlackBerry or iPhone plan to use it for holiday shopping, further opening the door for additional security issues and exposure to data loss for a company, according to ISACA. ISACA officials also found there is a large reality gap between employees and the IT department. A separate ISACA survey of more than 1,500 IT professionals who are ISACA members conducted during the same time period revealed close to half (48 percent) of those in IT believe employees will spend just over one work day, or nine hours, shopping online from a work computer. One in four IT professionals estimated that their company will lose US $15,000 or more per employee in productivity during this year’s holiday season. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe