Press Release

About ISACA

ISACA Survey: IT Professionals in Africa Expect Employee Online Shopping to Increase Risk

Rolling Meadows, IL, USA (1 November 2011)—With the development of faster Internet service and the skyrocketing use of smartphones, the number of Africans shopping online has dramatically increased in recent years. According to the 2011 Shopping on the Job Survey: Online Holiday Shopping and BYOD Security, conducted by global information technology association ISACA, 50% of the 318 IT professionals surveyed in Africa believe that employees will increase their online holiday shopping during work hours this year, posing increased risk to the enterprise.

The 2011 Shopping on the Job survey received responses from 4,740 ISACA members in 84 countries in Africa, Asia, Europe, Latin America, North America and Oceania. The results identify similarities and differences in attitudes and behaviors related to the risk and benefits associated with online shopping and the blurring use of personal and work devices.

Among the similarities found in all regions, most participants expect that their employees will spend between 1-2 hours shopping online using work-supplied computers and another 1-2 hours using personal mobile devices during work hours. The majority of respondents in all countries believe that the risk that results from using personal mobile devices for work activities—a growing trend known as “bring your own device” (BYOD)—still outweighs the benefits (62% of African respondents).

“As enterprises around the world increasingly allow employees to use personal mobile devices for work activities, it is critical for enterprises to take an ‘embrace and educate’ approach: embrace the technology and the benefits it brings, while educating employees about how to minimize the risk,” said Ken Vander Wal, CISA, CPA, international president of ISACA. “Enterprises need to have proactive plans in place to manage the significant risk that employees’ use of personal devices for work activities poses, which include the fact that there are fewer controls over the information and more opportunities for activities that could compromise the data.”

BYOD in Africa

The majority of IT professionals in Africa consider using a work-supplied device to click on an e-mail link to access a shopping site (62%), access a social networking site (50%), use mobile shopping applications (47%), and download personal files or music (64%) to be high-risk activities. And, while 66% percent of respondents say their enterprises have technology in place to protect against web-based attacks and 46% say their enterprises restrict employees’ use of IT assets and time for personal purposes due to security concerns, many (40%) are still allowing the use of work-supplied devices for personal use and online shopping. However, several enterprises appear to draw the line when it comes to accessing social networking or daily deal sites from a work-supplied device (73% limit or prohibit this activity).

While the use of applications with geolocation capabilities is increasing worldwide, 53% of African respondents say that their enterprises do not provide guidance on security issues regarding the use of geolocation services on smartphones and other devices. Many geolocation features can be advantageous, but employees need to be educated on when and how to enable them, and when to turn them off. ISACA’s five-step ROUTE provides guidance for employees to minimize geolocation risk:

Read mobile app agreements to see what information you are sharing.
Only enable geolocation when the benefits outweigh the risk.
Understand that others can track your current and past locations.
Think before posting tagged photos to social media sites.
Embrace the technology, and educate yourself and others.

“In Africa, as in the rest of the world, the line between work and personal mobile devices is blurring. Along with this risky overlap are the added elements of geolocation applications and increased use of electronic payment options,” said Brian Barnier, CGEIT, CRISC, member of ISACA’s Risk IT framework development team. “Enterprises must deeply understand technology related risk to the business. For example, mobile money transfers can benefit rural areas and widely open a door to fraud.”

View full survey results. Additional information on securing mobile devices is available at www.isaca.org/mobile-devices.

About the 2011 ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security

The ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security, now in its fourth year, helps gauge current attitudes and organizational behaviors related to the risk and rewards associated with online shopping, and the blurring boundaries between personal and work devices. The study is based on October 2011 online polling of 4,740 ISACA members from 84 countries, including 318 members from Africa. At a 95 percent confidence level, the margin of error for the total sample is +/- 2.8 percent. View full results.
About ISACA

With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.

ISACA continually updates COBIT, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Follow ISACA on Twitter: http://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://tinyurl.com/42vbrlz

Like ISACA on Facebook: www.facebook.com/ISACAHQ

Collaborate with ISACA members: www.isaca.org/knowledge-center

Contact:

Kristen Kessinger, +1.847.660.5512, news@isaca.org
Joanne Duffer, +1.847.660.5564, news@isaca.org


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC


COBIT 5 Home
Product Family
Education and Training
News
Recognition
Join the Conversation
Looking for COBIT 4.1?