ISACA Survey: Online Christmas Shopping - grab a bargain- but what’s the risk?
December 2011 by ISACA
More people than ever are using their personally owned smartphones to send and receive e-mails, browse the Internet, shop online and visit social media sites-as well as perform work activities or even connect to the company network. And with the holiday season fast approaching, it is perhaps not surprising that more than half of employees in the UK will do more online shopping this year than they did last year. According to ISACA’s 2011 Shopping on the Job: Online Holiday Shopping and BYOD Security survey, 50% of UK employees questioned will use their smartphones to shop online between early and mid-December. As the line between personal and work devices continues to blur, potentially putting corporate data at risk, it is critical for companies to embrace the technology, and educate their employees on the risk.
The survey shows that shoppers are moving toward online shopping from smartphones to get bigger bargains and avoid crowds. Dipping into the research, ISACA, a global, non-profit professional association, found that 13% of respondents choose to shop online because e-shopping is faster than brick-and-mortar shopping, and 30% say they primarily shop online because it is easier than heading to the stores.
About one in 10 online shoppers uses shopping apps-although it is interesting to note that a number of users are concerned about their revealing their geolocation, with a hefty 75% saying they would turn off user location tracking because of fears surrounding stalking and identity theft.
And it’s not just geolocation that has online Christmas shoppers worried, as many users reported they were concerned about smartphone security generally. Nearly 10% of respondents use work-supplied smartphones, while 54% say they use personal devices for work, showing a growing trend known as bring your own device (BYOD)-there is not just a risk to the user’s device and data, but also to the user’s employer.
Half of the UK respondents to the ISACA survey said they are more concerned with protecting the security of their own PC or smartphone than their work-supplied computer or smartphone. A quarter of respondents said they are not concerned that shopping online at work may affect their organisation’s IT network.
Commenting on these results, Marc Vael, director at ISACA and chair of the association’s Knowledge Board, said the number of people who are not concerned about their organisation’s IT network is concerning, as well as the number of employees who use a personal device for work.
"As they are grabbing online deals and buying gifts for loved ones with their work-supplied devices-or personal devices also used for word-employees also have to be aware that they are placing not only their own security, but also their organisation’s information, at risk," Vael said. "It is important to provide education and take precautions since the BYOD trend is here to stay."
It’s with this in mind that ISACA provides tips to help employees manage their personal smartphones, tablets or notebooks that they also use for work activities:
– Find out if your company has a policy for using personally owned devices for work activities.
– Understand what happens if that device is lost or stolen.
– Follow ISACA’s five-step "ROUTE" for informed use of geolocation.
– Sensitive data stored on mobile devices should be encrypted and password-protected.
– Only load apps from a trusted provider.
"There is a distinct gap between what IT departments may do and what employees understand or know about," said John Pironti, CISA, CISM, CGEIT, CRISC, CISSP, security advisor with ISACA and president of IP Architects. "For example, many employees do not realize that, as part of the process of connecting their personal device to the organization’s corporate network, they may have agreed to allow their personal smartphone or tablet to be remotely or locally wiped clean if they lose it or the organization believes it has become compromised while storing confidential data. Setting a policy for the use of personal smart devices and effectively communicating it to employees are crucial."
The complete survey results are available at www.isaca.org/online-shopping-risk.