Sixty-three percent of employers predict that employees will spend three hours or more shopping online during company time over the next two months, according to a Pan-European survey conducted among members of the global IT consultancy association, ISACA.
Business and IT leaders responding to the survey believed that employees at their organisations will use work computers and mobile devices in their shopping sprees in the run up to the holiday season, thereby negatively impacting productivity and creating increased security risks.
The impact on a company's bottom line is estimated to be substantial, with 48% of business and IT leaders predicting their organisations will lose over €700 per employee as a result of employees shopping online during work hours (this could cost €7 million for an enterprise with 10,000 employees who shop online at work ). Sixteen percent predict that the cost could be as high as €10,000 per employee.
Business and IT leaders from 30 European countries, including the UK, France, Germany, Italy and Spain, identified the following activities related to online shopping as high risk:
* Clicking on links in e-mail messages from unknown senders to access online shopping sites (42% )
* Accessing social networking sites for personal use from work-supplied computers or smart phones (32% )
* Using mobile shopping applications on work-supplied devices (30% )
* Downloading personal files, including music (56% )
* Losing a work-supplied computer or smart phone—ranked the biggest risk of all (68% )
"When workers use equipment provided by their employers for personal purposes, such as shopping online for holiday items, not only is productivity reduced, but computers are also exposed to malware, phishing and other attacks that potentially compromise data. It is surprising that 57% of organisations do not even try to restrict the use of work e-mail addresses for personal online shopping or other online non-work-related activities," said Paul Williams, chair of ISACA's Strategic Advisory Council.
"The number of portable computers and mobile devices in the workplace is increasing, so companies need to create realistic security policies that let employees stay mobile without compromising the company's intellectual property. To balance productivity and security, the IT mantra should be embrace and educate," said Mark Lobel, mobile security project leader with ISACA and a principal at PricewaterhouseCoopers.
Full results of the survey are available at www.isaca.org/online-shopping-risks