Employees will do less online shopping from their work devices this holiday season compared to last year, but they are increasingly engaging in activities that bring higher risks to their organizations, according to the new Shopping on the Job: ISACA’s Online Holiday Shopping and Workplace Internet Safety Survey. This is a mixed bag of results.
On one hand, it sounds as though our messages about the importance of protecting corporate data and devices are reaching their intended audiences. Only 23 percent of employees plan to use a work-supplied device to shop online during the 2010 holiday season. This compares well to the 52 percent who reported doing this activity in 2009. The time spent shopping online from a work device has also decreased, with six hours planned in 2010 compared to 14 hours in 2009. But if you delve deeper, there is a bit of a disconnect. The survey also shows an increase in people performing risky actions with their work devices. Workers are more likely to click on links in e-mails, access social networking sites for personal use, provide their work e-mail address to shopping sites and download personal files this year compared to 2009.
This is happening mainly because the lines between work life and personal life are increasingly overlapping. People are working long hours and, as such, need to perform some personal activities on their work-supplied devices. In addition, they are becoming much more comfortable with newer technology such as smart phones, tablet computers and netbooks. They know that a lot needs to get done, and these devices provide a way to do it.
But a word of caution is required here. Mobile devices are often less secure than their deskbound counterparts because they usually use wireless networks outside of the company’s “safe” zone and data on them are frequently not encrypted. And sometimes it’s not even a technical issue. I was at an airport recently when a teenager waiting for a flight noticed that a smart phone had fallen out of the pocket of a multitasking businessman in line to board the next flight. The phone was reunited with its extremely grateful owner, but this incident could have had disastrous consequences if the teenager had not been sharp-eyed or if he hadn’t displayed such honesty. A lot of damage can be inflicted if someone accesses the information most people keep on their smart phones—especially when the phone’s owner is known to be out of contact range (e.g., on an airplane) for the next few hours.
Educating workers is a continual process that changes as work habits evolve and as new technology is introduced. Now please excuse me while I find a good web site to order some flowers for my sister’s birthday—on a secure network and using secure a browser, of course.
Emil D’Angelo, CISA, CISM
International President, ISACA
Senior Vice President, Bank of Tokyo Mitsubishi UFJ, USA
We welcome your comments! Please log in using the Sign In button at the top right of this page and then leave your comment in the box at the end of the post.
To view all blog posts, please click on the ISACA Now button in the blue box on the left.