Online Holiday Shopping Habits Put Companies at Risk

Four out of 10 Americans ages 18-24 will spend up to five hours shopping online using their work computer this holiday season. This same age group is the least worried about the vulnerability of their work computers, creating an increased risk of spam, viruses and phishing attacks in the workplace, according to the recent Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety survey conducted by ISACA, a nonprofit association of IT professionals.

The survey examined how much time employees will spend in November and December shopping online from work, how aware they are of online security, and whether they comply with employer policies for online shopping.

Overall, 63 percent of people of all ages surveyed plan to shop online during the holiday season from their workplace computers. Older Americans are less likely to shop from work than those in the 18 to 24 group, who make up the majority of Millennials, a demographic typically described as being more tech-savvy, more concerned about work/life balance and less loyal to their employers than other age groups.

Millennials were also found to worry less about the vulnerability of their work computer than their personal computer. Close to half pay more attention to the security of their home computer, whereas almost two-thirds of workers over age 25 are equally concerned with both.

"This survey clearly shows that younger employees are more likely to engage in online activities at work that put a business's IT infrastructure at risk," said Kent Anderson of ISACA's Security Management Committee. "The fact that Millennials are planning to spend the equivalent of more than half a work day doing holiday shopping from their work computer, combined with their lack of concern for how secure their computer is, points to an urgent need for employee education."

Anderson added that the key is to educate people of all ages on why they need to care about security in addition to how they should ensure their transactions are secure.

Providing a workplace e-mail address to an online retailer can leave a computer network open to a variety of threats and productivity wasters including spam, phishing attacks and viruses. Yet more than two in 10 respondents have clicked on an e-mail link to go to a retailer's web site from their workplace computer and used their company e-mail address as the contact for a purchase. In addition, one in four respondents either does not check or is unsure how to check the security of a web site before making a purchase.

Cost of Holiday Shopping – $3,000 or More per Employee

Nearly half of the survey participants believe their company is losing an average of $3,000 or more in productivity per employee from online holiday shopping at work.

More than half also reported that their company permits workers to shop online but has no strategy for educating them about the risks. More than 3,100 respondents across the US participated in the parallel survey in October 2008.

"With the economy in such a volatile state, people are working long hours and are facing increased pressure to succeed," said John Pironti of ISACA's Education Board. "The survey results show that there needs to be a common-sense balance between security awareness and employee compliance."

Tips for Safer Holiday Shopping From the Office Computer

Employees and IT departments should take the following steps to reduce the risk of spam, viruses and inadvertent downloading of backdoor agents that can hijack corporate data.

For online shoppers:

  1. Make sure web sites you connect to are using SSL encryption while you are entering personal information.
  2. Do not allow sites to save your username or password. Avoid providing your work email address as your contact information.
  3. Delete cookies from your computer after you are finished shopping.
  4. Use separate browser sessions for your holiday shopping versus your work-related browsing.
  5. If it looks too good to be true, it probably is. Do not download free games, ringtones, wallpapers or animations onto your work computer.

For the IT department:

  1. Train employees on safe computing just prior to the holiday shopping season and follow up with periodic reminders.
  2. Tailor education programs to match the various demographics, attitudes and technology know-how of groups within the workplace.
  3. Conduct formal risk and threat assessments and update your Acceptable Use Policy and security measures appropriately.
  4. Make sure that patches are deployed, security functions are enabled, and firewall rules, intrusion detection system (IDS) signatures, and spam filters are updated regularly.
  5. Monitor networks for high-volume or suspicious traffic and respond immediately to threats. Remind employees to sound the alarm if suspicious events occur.
