• United States



by Senior Editor

Report: Employee Holiday Shopping Will Strain Security

Oct 21, 20092 mins
Application SecurityCybercrimeData and Information Security

Annual survey from ISACA finds productivity losses, information security risks are at stake when employees use work devices for shopping

Despite a lagging economy, many workers will shop online while at work this coming holiday season, according to a survey conducted on behalf of ISACA, a nonprofit association of information technology (IT) professionals. The second annual “Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety” survey found that fully half of those surveyed plan to use their company’s computer to shop, putting a strain on employers’ systems and potentially compromising an organizations sensitive information and security.

Among those polled, the mean amount of time employees planned to spend shopping online was14.4 hours, nearly two full working days. One in 10 plans to spend at least 30 hours shopping online at work. Most planned to do their shopping in early to mid-December.

“The potential danger of shopping online is that it can open the door to viruses, spam and phishing attacks that invade the workplace and cost enterprises thousands per employee in lost productivity and potentially millions in destruction or compromise of corporate data,” ISACA officials said in a statement on the findings (Read last year’s report here).

ISACA also noted that employees who shop online using a work computer are also likely to engage in other high-risk behaviors. Survey participants also bank online (51 percent), click on e-mail links redirecting them to shopping sites (40 percent) and click on links from social network sites (15 percent). Yet nearly one in five says they are not concerned that their online shopping habits may affect the safety of their organization’s IT infrastructure (See what CSO blogger Dan Lohrmann has to say about Cyber Monday).

The survey also found that more than one in 10 Americans who use a mobile work device such as a BlackBerry or iPhone plan to use it for holiday shopping, further opening the door for additional security issues and exposure to data loss for a company, according to ISACA.

ISACA officials also found there is a large reality gap between employees and the IT department. A separate ISACA survey of more than 1,500 IT professionals who are ISACA members conducted during the same time period revealed close to half (48 percent) of those in IT believe employees will spend just over one work day, or nine hours, shopping online from a work computer. One in four IT professionals estimated that their company will lose US $15,000 or more per employee in productivity during this year’s holiday season.