Encourage Cyber Monday or Grinch.exe?

Opinion
Nov 28, 2007 | 3 mins
Careers | Identity Management Solutions | IT Leadership

  It’s that time of year again, only this year it’s bigger than ever. Online shopping at work is up this year, with bigger and better bargains than ever before. So what’s security’s role?

The numbers are apparently in, and Cyber Monday is getting bigger. USA Today reported that "Cyber Monday really clicks with consumers." Here are excerpts:

    … traffic to many of the largest shopping websites soared 37% over last year’s so-called Cyber Monday, … More than 70% of retailers surveyed by BizRate Research planned to offer Cyber Monday promotions this year, up from 43% last year…. CompUSA says online orders Monday, from 9 a.m. to 2 p.m. CT, were up 48% from the same time frame a year ago….

Other news reports made even bolder claims, such as "CyberMonday.com Traffic Triples":

– 72 million consumers will shop online this year on Cyber Monday. Source: BIGresearch for Shop.org

– More than half (54.5%) of office workers with Internet access, or 68.5 million people, will shop for holiday gifts from work this year, up substantially from 50.7 percent in 2006 and 44.7 percent in 2005. Source: BIGresearch for Shop.org

– Men are more likely to shop from work than women (57.3% vs. 51.7%) and young adults 18-24 years old are more likely to shop there than any other age group (72.9%). Source: BIGresearch for Shop.org

I know this issue is getting big when my wife even asks me, “What’s up with this Cyber Monday thing?” In fact, many articles point out that Cyber Monday is actually a marketing ploy and other shopping days leading up to Christmas are even bigger. See: "Cyber Monday: Myth and Reality"

Government Technology Magazine asked, "What is Grinch.exe and What Should Organizations Do about It?"

Their article warns of the dangers of too much surfing by staff and offers fairly simplistic recommendations:

1) Define an appropriate application control policy

2) Monitor your PCs

3) Understand where the vulnerable applications are in your network.

4) Be aware of new vulnerabilities

5) Stop unwanted software before it executes

I find it interesting that one of Government Technology’s next articles reports: "Eighty-Five Percent of Public Lack Confidence in Local Government’s Computer Security, Survey Reveals"

So my question to readers is: what is your organization doing about this trend, besides issuing policies?

In Michigan, we send reminder e-mails to staff reminding them regarding holiday e-cards and shopping online hazards. We also monitor the traffic and behaviors of our employees.

We try our best to do each of the things recommended by the Center for Digital Government – with many controls in place, but we’re certainly not perfect. 

Can you share any experiences?

dlohrmann

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.
