Press Release

About ISACA

ISACA Survey: IT Professionals in Oceania Predict Increased Online Shopping at Work

Despite increased risk, Oceania enterprises embrace personal use of enterprise devices for work-life balance

Rolling Meadows, IL, USA (1 November 2011)—The proliferation of smartphones will likely drive online shopping rates even higher this holiday season. According to the 2011 Shopping on the Job Survey: Online Holiday Shopping and BYOD Security, conducted by global information technology association ISACA, nearly half (47%) of the IT professionals surveyed in Oceania (Australia, New Zealand and Papua New Guinea) believe that employees will increase their online holiday shopping during work hours this year, posing increased risk to the enterprise.

More than 4,700 ISACA members from 84 countries in Africa, Asia, Europe, Latin America and Oceania participated in the 2011 edition of the Shopping in the Job survey. The results identify similarities and differences in attitudes and behaviors related to the risk and benefits associated with online shopping and the blurring use of personal and work devices.

Among the similarities found in all regions, most IT professionals surveyed expect that their employees will spend between 1-2 hours shopping online using work-supplied computers and another 1-2 hours using personal mobile devices during work hours. Quite differently, however, a greater percentage of respondents in Oceania (44%) than in any other region reported that the risk and benefits of using personal mobile devices for work purposes—a trend known as “bring your own device” (BYOD)—are appropriately balanced. In all five other regions, respondents reported that they believe the risk outweighs the benefits.

“It is encouraging to see that respondents in Oceania are taking an ‘embrace and educate’ approach: embrace the technology and the benefits it brings, while educating employees about how to minimize the risk,” said Ken Vander Wal, CISA, CPA, international president of ISACA. “BYOD has value to enterprises, if the risk is properly controlled and employees are equipped with security awareness training and tips.”

Additionally, Oceania respondents appear to believe that embracing technology can result in happier employees—55% say their enterprises allow employees to use corporate devices and time for personal purposes to promote work-life balance, and many (42%) specifically allow the use of work-supplied devices for online shopping. However, 63% of enterprises seem to draw the line when it comes to accessing social networking or daily deal sites from a work-supplied device, and choose to limit or prohibit this activity.

The majority of IT professionals in Oceania (70%) say that an employee losing or misplacing a work-supplied computer or smartphone poses a high risk to the enterprise. They also note that downloading personal files or music onto a work-supplied computer or smartphone is a high-risk activity (51%). Seventy-eight percent of respondents say their enterprises have technology in place to protect against web-based attacks.

While the use of applications with geolocation capabilities on mobile devices is increasing worldwide, 65% of Oceania respondents say that their enterprises do not provide guidance on security issues regarding the use of geolocation services on smartphones and other devices. Many geolocation features can be advantageous, but employees need to be educated on when and how to enable them, and when to turn them off. ISACA’s five-step ROUTE provides guidance for employees to minimize geolocation risk:

Read mobile app agreements to see what information you are sharing.
Only enable geolocation when the benefits outweigh the risk.
Understand that others can track your current and past locations.
Think before posting tagged photos to social media sites.
Embrace the technology, and educate yourself and others.

“In Oceania, as in the rest of the world, the line between work and personal mobile devices is blurring. Along with this risky overlap are the added elements of geolocation applications and increased use of electronic payment options,” said Brian Barnier, CGEIT, CRISC, member of ISACA’s Risk IT framework development team. “The mobile technology world is here to stay, and enterprises should be keenly aware of and plan for the resulting risk, in order to reap the benefits of the technologies available.”

View full survey results. Additional information on securing mobile devices is available at www.isaca.org/mobile-devices.

About the 2011 ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security

The ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security, now in its fourth year, helps gauge current attitudes and organizational behaviors related to the risk and rewards associated with online shopping, and the blurring boundaries between personal and work devices. The study is based on October 2011 online polling of 4,740 ISACA members from 84 countries, including 145 members from Oceania. At a 95 percent confidence level, the margin of error for the total sample is +/- 2.8 percent. View full results.
About ISACA

With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.

ISACA continually updates COBIT, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Follow ISACA on Twitter: http://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://tinyurl.com/42vbrlz

Like ISACA on Facebook: www.facebook.com/ISACAHQ

Collaborate with ISACA members: www.isaca.org/knowledge-center

Contact:

Kristen Kessinger, +1.847.660.5512, news@isaca.org
Joanne Duffer, +1.847.660.5564, news@isaca.org


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC


COBIT 5 Home
Product Family
Education and Training
News
Recognition
Join the Conversation
Looking for COBIT 4.1?