Taken from BlogLondon, UK (1 November 2011)—UK consumers say they’ll spend more time shopping online than in 2010. But according to the UK edition of ISACA’s fourth Shopping on the Job Survey, two-thirds of this time will be on devices also used for work, posing significant risk to enterprises.
The 2011 ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security found that UK respondents plan to spend 29 hours shopping online this holiday season, 23 of which will be spent on a work device or a personal device also used for work—the BYOD (bring your own device) trend—and 9 of which will take place during work hours.
Research published independently during October, by the Office of National Statistics, shows that £1 in every £10 is now spent online. Unsurprisingly, ISACA’s study found that 50 percent of employees say they will spend more time holiday shopping online this year than last year, so enterprises need to manage risky behaviours.
ISACA, an independent nonprofit association of 95,000 IT audit, security and governance professionals, conducted the Shopping on the Job Survey in two parts: consumer surveys in the US and the UK, and a global survey of more than 4,700 of its members in 84 countries.
Use of personal devices for work—typically more difficult to secure than work devices—means sensitive corporate information may be compromised.
“The UK consumer survey shows that 54 percent of employees have a personal device they use for work. BYOD is here to stay,” said Marc Vael, director, ISACA. “However, since most ISACA members say the risk outweighs the benefits, education is strongly needed.”
Fully 75 percent of UK consumers say they would turn off location tracking because of risk like stalking or identity theft. More than a third of UK consumers (40 percent) have clicked on a social media link and 15 percent click on e-mail links from unknown sources.
“ISACA’s fourth online holiday shopping survey shows employees are unwittingly risking bringing viruses and malware into work. New this holiday season is growing BYOD, so organizations must focus on embracing emerging technology and educating employees on security,” said Ken Vander Wal, CISA, CPA, international president of ISACA.
ISACA offers tips for employees:
- Find out if your company has a policy for using personal devices for work.
- Understand what happens if that device is lost.
- Follow ISACA’s five-step “ROUTE” for geolocation.
- Encrypt and password-protect sensitive data on the device.
- Only load apps from a trusted provider.
The UK consumer survey shows that 10 percent say their organizations don’t have a policy prohibiting or limiting personal activities on work devices and 20 percent don’t have a policy regarding work activities on personal devices.
“There is a gap between what IT departments do and what employees understand,” said Christos Dimitriadis, international vice president, ISACA, and head, information security, INTRALOT S.A. “Corporate IT security professionals need to raise their game to secure systems against the risk involved.”
View global survey results.