Increased online shopping this holiday season can mean danger for businesses as more and more employees will be bringing their shopping habits to the workplace. Research by the ISACA, a nonprofit professional association, found that holiday shoppers plan to spend an average of 32 hours shopping online during the upcoming holiday season.
More alarming for business owners is that 32 percent of consumers who will shop online this holiday season plan on doing so from a device provided for work or a personal bring your own device (BYOD ) used for work. According to the 2011 ISACA Shopping on the Job Survey, these shoppers plan to spend an average of 18 hours shopping online using mobile devices intended for work use. The 32 percent of consumers planning to shop online represent a 15 percent increase in online shoppers using work- related devices from the year before.
Employees listed convenience as the biggest reason for the jump in online shopping this year with 29 percent of respondents saying it is easier to shop online than in person. While using these devices may be a great convenience for workers, they pose a great risk for employers.
"The consumer survey shows that two-thirds of employees ages 18 to 34 have personal devices they use for work purposes," said Robert Stroud, past international vice president of ISACA. "BYOD is here to stay, so education and precautions are needed."
Despite growing popularity and use of BYOD, employee education on these polices remains low. The research found that 20 percent of employees do not know if their employer has a policy prohibiting using work devices for personal matters. Additionally, 16 percent of respondents said their employers have no IT policy prohibiting using work computers for personal use.
"There is a gap between what IT departments may do and what employees understand," said John Pironti, security adviser with ISACA and president of IP Architects. "Many employees don't realize that, as part of the process of connecting their personal device to the organization’s network, they may have agreed to allow their personal smartphone or tablet to be remotely or locally wiped clean if they lose it or the organization believes it has become compromised while storing confidential data."
The simple solution to this problem is education, say IT professionals.
"ISACA's survey shows that employees are unwittingly adding risk to businesses," said Ken Vander Wal, international president of ISACA. "The role of BYOD is bigger this season, so organizations must embrace its use and educate employees about security."
To that end, the IASCA recommends the following steps for protecting businesses from the growing trend of BYOD.
- Understand policies you agree to for connecting to corporate networks.
- Understand what happens if your organization considers your device a security risk.
- Enable security features, including encryption and pass codes.
- Ensure you have current operating systems and updates.
This research was based on an online polling of 4,740 ISACA members from 84 countries. More than 1,678 members in this polling came from the United States.