With the holidays quickly approaching, many employees are sneaking in shopping time whenever and wherever they can. A recent ISACA survey revealed that a whopping 63 percent of respondents intend to do at least part of their holiday shopping on their work computers. Unfortunately, this automatically increases the risk of threats such as spam and viruses infiltrating workplace equipment.
“This is something we’ve seen steadily increasing over the past 10 years,” said Kent Anderson, managing director of Encurve LLC, an information security consulting company. “As people become more familiar with [the Web], [and] as traffic and gas prices go up, there’s the draw to shop online — and most people do that from work.”
However, employers must understand the dangers of employees’ online shopping activities.
“One that would concern me as a security professional is the use of e-mail to receive information to do credit transactions,” Anderson said. “It’s opening up the corporation to unwanted e-mail coming in, [as well as] malicious software coming in through phishing exercises.”
The risk might be mitigated if employees stick with trusted brand names, Anderson added. However, given the current economic climate, many employees undoubtedly will be hunting for bargains, which could lead them to unreliable Web sites.
Then there are the intangible costs associated with online shopping. A related survey of ISACA members found that online holiday shopping cost almost half of organizations about $3,000 in lost productivity per employee.
“Let’s say you have an organization of 1,000 employees,” Anderson said.…
Please log in or subscribe to read this article