ISACA Survey: IT Professionals in Latin America Say Online Shopping at Work Increases Risk during the Holiday Season


Mexico City (1 November 2011) – As online shopping via mobile devices increases worldwide, risks for enterprises’ information systems grow, too. According to the 2011 Shopping on the Job Survey: Online Holiday Shopping and BYOD Security, conducted by global IT professional association ISACA, 52% of the 272 IT professionals surveyed in Latin America believe that employees will increase their online holiday shopping during work hours this year.

The increase in online holiday shopping is driven largely by the use of smartphones or tablets worldwide, according to a recent e-Marketer study. Using mobile devices for shopping, especially work-supplied devices, is a high-risk activity. More than half of the ISACA survey respondents in Latin America (59%) say that clicking links to online stores from e-mails presents a high risk to corporate networks and information.

Despite concerns about employees using work devices for personal activities, only 24% of respondents say their enterprises ban it; 38% set limits, and 35% allow work devices to be used for personal activities. The widespread use of geolocation technology is also increasing risk. Yet, 57% of respondents report that their organization has not established security guidance on its use for employees.

“Smartphones are quickly becoming part of our personal and work lives, and the line between the two is increasingly blurring as a result. Implementing security policies and training on using mobile devices will improve risk prevention,” said Gustavo Solis-Montes, CISA, CISM, CGEIT, CPA, President of the ISACA Mexico City Chapter.

Global results
The 2011 ISACA Shopping on the Job project surveyed 4,740 ISACA members in 84 countries in Africa, Asia, Europe, Latin America, North America and Oceania. Each region’s results help IT professionals identify trends, attitudes and behaviors related to online shopping and use of personal and work devices.

Among the similarities found in all regions, most participants agreed that their employees will spend 1-2 hours shopping online using company-issued computers during work hours and another 1-2 hours using personal mobile devices during work hours. The regional differences lie in the policies regarding use of IT resources and time for personal activities. In North America and Europe, about 40% of respondents say that their enterprises allow employees’ use of IT assets and time for personal purposes to promote work-life balance. In contrast, about 50% of respondents from Asia and Latin America said their companies restrict the use of IT resources and time for personal purposes due to security concerns.

As part of their risk management and security systems, companies have specific measures to prevent or limit security incidents related to employees’ risky activities:

  • In North America and Europe, 75% of respondents say their enterprises use technology to protect against web-based attacks.
  • In Asia, 63% say their companies offer training on security awareness.
  • In Latin America, 61% say their enterprise monitors employees’ Internet use.

The majority of respondents in all countries believe that the risk that results from using personal mobile devices for work activities, a growing trend known as “bring your own device” (BYOD), currently outweighs the benefits. However, as companies increasingly allow employees to BYOD, enterprises must take an “embrace and educate” approach: embrace the technology and the benefits it brings, while educating employees about minimizing the risk.

View full survey results.

Guidance on securing mobile devices: www.isaca.org/mobile-devices.

  
