Online purchases at work pose security risks and cost companies nearly HK$4,000 per employee, per month.
More than half of IT professionals and managers in Hong Kong expect employees in the territory to spend more time shopping online from a work-supplied computer this holiday season than they did a year ago, according to the Hong Kong edition of The Third Annual Shopping on the Job: ISACA’s Online Holiday Shopping and Workplace Internet Safety Survey. The survey shows a clear upward trend of employees using their work-supplied computers for online shopping in Hong Kong. About 53% of respondents think employees will spend more time shopping online during this holiday season than last year, while another 40% think employees will spend about the same amount of time as last year.
IT managers in Hong Kong will give employees more latitude to shop online on work computers during this holiday season, while at the same time putting more sophisticated security measures in place. This year only 13% of IT professionals plan to prohibit employees from shopping online on work computers, compared to 18% last year. However, 29% of the IT professionals say they set limits to prevent employees from accessing certain sites to reduce the risk of security breaches. Over 60% of IT professionals are now following an ‘embrace and educate’ model and are implementing less restrictive approaches to improve the level of security for employees’ online shopping activities. This is done together with training on security policies.
Michael Yung, President, ISACA China Hong Kong Chapter, highlighted, “Employees who shop online on work computers not only reduce productivity, but also open the door to social engineering, phishing attacks, malware and information breaches that can cost companies thousands per employee to correct, millions of dollars in compromised corporate data, and severe damage to their reputation.”
The survey also shows that almost half of the respondents believe their organisation loses up to about HK$7,800 per employee as a result of an employee shopping online during work hours in November and December. Mark Lobel, CISA, CISM, CISSP, mobile security project leader, ISACA, suggested, “The number of portable computers and mobile devices in the workplace is increasing—so companies need to create realistic security policies that let employees stay mobile without compromising the company’s intellectual property. To balance productivity and security, the IT mantra should be embrace and educate.”