Over 40% of organisations think they are going to lose an
average of £2,000 or more in productivity per employee from
online xmas shopping at work during November and December.
ISACA, a nonprofit association that serves IT security,
assurance and governance professionals globally, has carried out a
UK survey of members to look at the latest trends in online
shopping and workplace internet safety.
The ISACA survey of 250 members found that a mere 21% of members
said their organisation's employees fully understood the risks
associated with shopping online from their workplace computers.
More than 82% said their organisation either does not have or
they are not aware of a policy that prohibits employees from
shopping online.
There was also an expectation that there would be more online
shopping from the work place than last year, with more than 51%
predicting an increase.
Only 32% of organisations that allow online shopping educate
employees about the risks. Only 31% of organisations prohibit using
a work email address for online shopping or other online non-work
related activities, even though allowing the use of work email can
expose the organisation to greater volumes of spam.
Slightly more than one in 10 organisations had security measures
in place to prevent employees from shopping online at work.
Lynn Lawton, international president of ISACA, said, "The
challenge for organisations is not only to educate workers about
information security, but also to change their behaviour.
"For example, it is one thing to make someone aware that it is
wrong to click on a link from a spam email, but quite another to
change their behaviour so that they do not click on these
suspicious links."