ISACA Survey: IT Professionals in Canada Expect Employees’ Online Shopping to Increase Risk This Holiday Season

Taken from BlogRolling Meadows, IL, USA (1 November 2011)—With the skyrocketing use of smartphones, the number of consumers shopping online has increased dramatically in recent years. According to the 2011 Shopping on the Job Survey: Online Holiday Shopping and BYOD Security, conducted by the nonprofit global IT association ISACA, more than half of the 240 IT professionals surveyed in Canada believe that employees will spend at least 3 hours shopping online with a work device and at least 3 hours with a personal device they also use for work.

More than 4,700 ISACA members in Africa, Asia, Europe, Latin America, North America and Oceania participated in the 2011 Shopping on the Job survey. The results identify attitudes and behaviors related to the risk and benefits associated with online shopping and the blurring use of personal and work devices. 

Nearly half (48%) of respondents from Canada believe that the risk from using personal mobile devices for work—a growing trend known as “bring your own device” (BYOD) —still outweighs the benefits. 

“As enterprises increasingly allow employees to use personal devices for work, it is important to embrace the benefits of the technology while educating employees on minimizing risk,” said Ken Vander Wal, CISA, CPA, ISACA international president.


ISACA offers tips for employees with personal devices also used for work:

  • Understand policies you agree to for connecting to corporate networks.
  • Understand what happens if your organization considers your device a security risk.
  • Follow ISACA’s 5-step “ROUTE” for geolocation.
  • Enable security features, including encryption and passcodes.
  • Ensure you have current operating systems and updates. 

IT professionals in Canada consider using a work-supplied device to click on an e-mail link to a shopping site (53%), access a social networking site (40%), use mobile shopping applications (38%), and download personal files or music (57%) to be high-risk activities. While 35% say their enterprises restrict employees’ use of IT assets for personal purposes due to security concerns, more (48%) still allow the use of work-supplied devices for personal use to promote work-life balance. However, many enterprises (64%) limit or prohibit social networking or daily deal sites from a work-supplied device.  

While the use of applications with geolocation is increasing, 56% of Canadian respondents say their enterprises don’t provide security guidance on it. Geolocation services can be valuable, but employees need education on when to enable and disable them.


“In Canada, and globally, lines between work and personal mobile devices are blurring. Along with this risky overlap are the added elements of geolocation and increased use of electronic payment,” said Brian Barnier, CGEIT, CRISC,member of ISACA’s Risk IT development team. “Enterprises must understand technology-related risk. For example, mobile money transfers can benefit rural areas, but open a door to fraud.”


View full survey results. Guidance on securing mobile devices is available at