According to a recent survey conducted by ISACA, a global association of 95,000 information technology (IT) professionals, nearly half of IT leaders in India anticipate that employees will spend more time shopping online using work-provided computers and mobile devices this year than they did last year.
Although 48% of participating professionals say their companies limit employees’ online shopping during work hours by preventing access to certain sites and 41% prohibit access to social networking sites, respondents still estimate an increase in the number of hours their employees will spend shopping online this festive season in India—with 54% saying employees will spend 3 or more hours shopping online using a company-issued device.
Shopping from company-issued devices
As companies increasingly provide employees with laptops and smart phones, work and personal activities continue to blur—and risks increase. Between lost productivity, the dangers of unsecured networks and the potential to lose or misplace the small items, mobile devices pose many risks that must be managed to obtain their substantial benefits. Loss of a company-supplied device is considered a high-risk activity by 87% of the participants.
“Employees are working longer hours and have less spare time, so the availability of free access on work-supplied devices is seen as a convenient means for accomplishing personal tasks at work, including online shopping. Although employees may consider this a good use of their time, what they do not realise is the security risk their companies face due to these activities,” said Niraj Kapasi, IT Auditor and Chair of ISACA’s India Task Force. “Because it is unrealistic to eliminate personal activities such as online shopping, ISACA recommends an ‘embrace and educate’ approach, where companies enable usage, but have a thorough security policy and controls in place to minimise the risks.”
High-risk activities related to online shopping
The ISACA survey also reveals that clicking links in e-mail messages from unknown senders, accessing social networking sites and downloading personal files and music are considered to be risky activities employees engage in using a work-supplied device. These high-risk activities open doors to potential security breaches and virus threats that can cost companies thousands in lost productivity and potentially millions in destruction of corporate data and damage to reputation.
Shopping on the job costs companies INR 50,000 or more per employee
More than a third of IT leaders in India believe that each employee who shops online using a work-issued device costs the company INR 50,000 or more. To minimise the costly risks associated with online shopping, 57% of the polled companies prohibit the use of work e-mail addresses for personal online shopping and about 63% have a security policy that covers mobile devices. Additionally, 62% of the organisations provide training on the policy and 63% have technology in place to protect against web-based attacks.
ISACA’s tips for safe shopping from work-issued devices
ISACA recommends the following tips to minimise the risks of online shopping using company-issued devices.
For employees/online shoppers:
- Do not click on an e-mail or web link that is from an unfamiliar sender or looks too good to be true.
- Use a privacy screen shield on your mobile devices.
- Password-protect your mobile device and its memory card.
- Ensure that the security tools and processes protecting your work-supplied mobile devices are kept up to date. If unsure, ask IT.
For the IT department:
- Team up to with human resources to adopt an “embrace and educate” approach.
- Promote awareness of the security policy.
- Encrypt data on devices.
- Use secure browsing technology.
- Take advantage of industry-leading practices and governance frameworks such as the Business Model for Information Security (BMIS).
Updated Date: Feb 02, 2017 22:49:10 IST