As we wrap up one of the biggest cybershopping weeks of the year, many CEOs and CIOs are probably wondering how much time their employees spent shopping online this week, and may be overlooking the security implications of this activity. Industry statistics tell us that more than 50% of employees plan to shop from work this holiday season, spending up to 5 hours per week shopping online at work. According to research conducted by Robert Half Technology, 60% of the 1,400 CIOs it surveyed this year are blocking all access to online shopping sites. Savvy shoppers know that they can get around this by shopping from their smartphones, many of which are also utilized for work purposes. While IT departments may be confident in the security they have set up on their corporate network, the security of BYOD devices may be questionable.
With the holiday shopping season now in full swing, ISACA has published results for its 2011 Shopping on the Job Survey. This survey examines online activities while using work-issued devices.
The results of this survey bring a few questions to mind:
- With the increase in allowing personal devices for work (BYOD, Bring Your Own Device) and the increase in telecommuting, are companies keeping their security policies updated?
- Are companies doing a poor job of employee awareness training for their corporate policies?
- If the policies are up to date and employees are aware of the policies, are companies properly enforcing the policies?
The results point out that online shoppers who are unclear about IT policies are typically using personal devices for work and are less likely to be aware of or concerned about Internet safety. The indication is that, without a full understanding of IT policies, employees tend to rely on their company’s IT department for their security without regard to the risk to their employer. Many organizations tend to provide the policies to new employees and then overlook ongoing training as the policies evolve along with their processes and regulatory requirements. Employee awareness and enforcement of the policies are crucial to improving security.
Dennis Thrift is Product Champion of Risk and Compliance at Zensar.