Press Release

About ISACA

ISACA Survey: IT Professionals in Canada Expect Employees’ Online Shopping to Increase Risk This Holiday Season

Rolling Meadows, IL, USA (1 November 2011)—With the skyrocketing use of smartphones, the number of consumers shopping online has increased dramatically in recent years. According to the 2011 Shopping on the Job Survey: Online Holiday Shopping and BYOD Security, conducted by the nonprofit global IT association ISACA, more than half of the 240 IT professionals surveyed in Canada believe that employees will spend at least 3 hours shopping online with a work device and at least 3 hours with a personal device they also use for work.

More than 4,700 ISACA members in Africa, Asia, Europe, Latin America, North America and Oceania participated in the 2011 Shopping on the Job survey. The results identify attitudes and behaviors related to the risk and benefits associated with online shopping and the blurring use of personal and work devices.

Nearly half (48%) of respondents from Canada believe that the risk from using personal mobile devices for work—a growing trend known as “bring your own device” (BYOD) —still outweighs the benefits.

“As enterprises increasingly allow employees to use personal devices for work, it is important to embrace the benefits of the technology while educating employees on minimizing risk,” said Ken Vander Wal, CISA, CPA, ISACA international president.

ISACA offers tips for employees with personal devices also used for work:

Understand policies you agree to for connecting to corporate networks.
Understand what happens if your organization considers your device a security risk.
Follow ISACA’s 5-step “ROUTE” for geolocation.
Enable security features, including encryption and passcodes.
Ensure you have current operating systems and updates.

IT professionals in Canada consider using a work-supplied device to click on an e-mail link to a shopping site (53%), access a social networking site (40%), use mobile shopping applications (38%), and download personal files or music (57%) to be high-risk activities. While 35% say their enterprises restrict employees’ use of IT assets for personal purposes due to security concerns, more (48%) still allow the use of work-supplied devices for personal use to promote work-life balance. However, many enterprises (64%) limit or prohibit social networking or daily deal sites from a work-supplied device.

While the use of applications with geolocation is increasing, 56% of Canadian respondents say their enterprises don’t provide security guidance on it. Geolocation services can be valuable, but employees need education on when to enable and disable them.

“In Canada, and globally, lines between work and personal mobile devices are blurring. Along with this risky overlap are the added elements of geolocation and increased use of electronic payment,” said Brian Barnier, CGEIT, CRISC, member of ISACA’s Risk IT development team. “Enterprises must understand technology-related risk. For example, mobile money transfers can benefit rural areas, but open a door to fraud.”

View full survey results. Guidance on securing mobile devices is available at www.isaca.org/mobile-devices.

About the ISACA Survey

The fourth ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security gauges attitudes and behaviors related to online shopping, and the blurring boundaries between personal and work devices. The study is based on October 2011 online polling of 4,740 ISACA members from 84 countries, including 240 members from Canada. View full results.

About ISACA

With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.

ISACA continually updates COBIT, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Follow ISACA on Twitter: http://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://tinyurl.com/42vbrlz

Like ISACA on Facebook: www.facebook.com/ISACAHQ

Collaborate with ISACA members: www.isaca.org/knowledge-center

Contact:

Kristen Kessinger, +1.847.660.5512, news@isaca.org

Joanne Duffer, +1.847.660.5564, news@isaca.org


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC


COBIT 5 Home
Product Family
Education and Training
News
Recognition
Join the Conversation
Looking for COBIT 4.1?