Press Release

About ISACA

ISACA Survey: IT Professionals in India Say Growing Bring Your Own Device (BYOD) Trend Increases Risk

Majority of IT leaders surveyed believe that employees’ use of personal devices for work activities exposes the company to information security risk
92 percent of polled IT leaders in India anticipate that employees will spend 2-4 hours shopping online during work hours using work or personal mobile devices

View full survey results.

Mumbai, India (1 November 2011) — India is one of the fastest growing mobile markets in the world and the domestic mobile phone market is increasingly moving towards smartphones. According to the India edition of the 2011 ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security, more than half (56 percent) of IT professionals in India believe that the risk resulting from employees’ use of personal mobile devices for work activities currently outweighs the benefits. Yet, since more than a third of enterprises allow personal devices to be used for work, global IT association ISACA urges enterprises to embrace the technology and the benefits it brings, while educating employees on the potential risk.

The 2011 Shopping on the Job study also examined risky online behaviors at work. Nearly sixty percent of IT professionals in India say that their enterprise prohibits employees from accessing social media web sites from work-supplied devices. Thirty-eight percent limit the use of work-supplied mobile devices for personal use and 45 percent prohibit employees from shopping online using a work-supplied device.

Yet 92 percent of respondents say employees will spend at least 2-4 hours shopping online during work hours, and more than 56 percent say employees will spend 6 hours or more. Fifty-six percent of IT professionals in India believe their enterprise loses between INR 50,000 and INR 2,50,000 per employee who shops online during work hours using work-supplied computers or smartphones. To minimize the costly risk associated with online shopping, 52 percent of the polled companies prohibit the use of work e-mail addresses for personal online shopping and about 56 percent have a security policy that covers mobile devices. Additionally, 70 percent of the organizations provide training on the policy and 68 percent have technology in place to protect against web-based attacks.

Shopping from company-issued devices

“As companies increasingly provide employees with laptops and smartphones—and as others increasingly allow employees to use their own devices at work— work and personal activities continue to blur and risk increases. This results in a increasing risk to the enterprise because of the danger that cookies and other tools used by online sites for gathering information could be potentially be gathering other information from the systems” said Mr. Niraj Kapasi, IT auditor and chair of ISACA’s India Task Force. “Between lost productivity, the dangers of unsecured networks, and the potential to lose or misplace the small items, mobile devices pose many risks that must be managed to obtain their substantial benefits.”

Loss of a company-supplied device is considered high risk to the enterprise by 91 percent of the survey participants.

While the use of applications with geolocation is increasing, 41 percent of respondents in India say their enterprises don’t provide security guidance on it. Geolocation is valuable, but employees need education on when to enable and disable it. ISACA’s five-step ROUTE helps minimize geolocation risk:

Read mobile app agreements to see what information you are sharing.
Only enable geolocation when the benefits outweigh the risk.
Understand that others can track your current and past locations.
Think before posting tagged photos to social media sites.
Embrace the technology, and educate yourself and others.

Full results of the fourth ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security are available at www.isaca.org/online-shopping-risk.

About the 2011 ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security

The ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security, now in its fourth year, helps gauge current attitudes and organizational behaviors related to the risk and rewards associated with online shopping, and the blurring boundaries between personal and work devices. The study is based on October 2011 online polling of 4,740 ISACA members from 84 countries, including 298 members from India. A separate online survey was fielded among 1,224 US consumers by M/A/R/C Research between 27 September and 30 September 2011. At a 95 percent confidence level, the margin of error for the total sample is +/- 2.8 percent. To see the full results, visit www.isaca.org/online-shopping-risk.

About ISACA

With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.

ISACA continually updates COBIT, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Follow ISACA on Twitter: http://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://tinyurl.com/42vbrlz

Like ISACA on Facebook: www.facebook.com/ISACAHQ

Collaborate with ISACA members: www.isaca.org/knowledge-center

Contact

India: Suheil Merchant, Sampark Public Relations, +91 9820252745, suheil.merchant@sampark.com

Divya Tejnani, Ketchum Sampark Public Relations, +91 9323447671, Divya.tejnani@ketchumsampark.com

Kristen Kessinger, ISACA, +1.847.660.5512, news@isaca.org


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC


COBIT 5 Home
Product Family
Education and Training
News
Recognition
Join the Conversation
Looking for COBIT 4.1?