Employers not educating staff about e-shopping from work risks
Organisations that allow employees to shop online using work computers, but do not educate users about risks, are exposing both parties to security threats and loss of productivity in the workplace.
A survey of 86,000 ISACA members found that 21 per cent of respondents said their organisation's employees ‘fully understood’ the risks associated with shopping online from their workplace computers. More than 82 per cent said their organisation either does not have, or they are not aware of, a policy that prohibits employees from shopping online. Only 32 per cent of organisations that permit online shopping educate employees about the risks.
There was also an expectation that there would be more online shopping from the work place than last year (2007), with over 51 per cent predicting an increase.
Slightly over 31 per cent of respondent organisations prohibit using a work email for online shopping or other online non-work related activities, even though allowing the use of work emails can expose the organisation to greater volumes of spam. Over 40 per cent of organisations thought they were going to lose an average of £2,000, or more, in productivity per employee from online holiday shopping at work during November and December.
One third of workers were more concerned about the security of their personal computer than their work computer, but for younger workers aged 18-25, this figure shot up to 49 per cent paying less attention to the security of their employer’s computer. Some 25 per cent of employees either ‘did not check or were not sure how to check’ if a web site was secure before they made a purchase, the survey discovered.