An increasing number of employees are engaging in risky online behaviour using company-supplied computers, a survey has revealed.
Almost half of UK employees admit accessing social networking sites from their work computers, according to ISACA's 3rd annual online shopping and workplace internet safety survey.
Workers are expecting to spend an average of six hours shopping from a work computer or mobile device this holiday season, with a quarter planning to spend at least nine hours.
Increased online shopping opens the door to social engineering and phishing attacks, malware and information breaches, said ISACA adviser John Pironti.
"These can cost companies thousands per employee to correct, millions in compromised corporate data, and severe damage to their reputation," he pointed out.
This year's survey also found that almost half of UK employees who will be shopping online with company devices will do so using an employer-issued portable device.
This increases a company's security risk, the report said, because such devices are often used on wireless networks outside a protected corporate network. They are also lost or stolen more easily, and contain corporate data that is often not encrypted.
"The number of portable computers and mobile devices in the workplace is only going to increase," said Mark Lobel, project leader with ISACA, "so companies need to create a realistic security policy that lets employees stay mobile without compromising the company's intellectual property."
The IT mantra should be "embrace and educate" to balance productivity and security, said Lobel.
In a separate global survey, 68% of businesses ranked the risk of using a mobile shopping application on a work-supplied device as high or moderate. Despite that, 51% allow staff to use work-supplied mobile devices for personal use and 37% let them use their own mobile devices for work.
The shopping and workplace survey revealed that security is not a major worry for employees, with only 3% of UK respondents citing "better security" as a reason for shopping online using a work computer, and just under two-thirds saying they do not use secure browsing technology on work-supplied devices. Half the UK respondents assumed that their IT department kept them up to date on security patches.
This attitude is especially common among young adults aged between 18 and 34 who have grown up with the internet, the report said. They are less likely to use secure browsing technology, are the most likely to shop online at work, and are the biggest users of laptops.
"Digital natives are comfortable with blurring the lines between work and play," said Robert Stroud, vice president of ISACA, "which poses new and interesting management challenges for their employers.
"This generation is happy to use their own tablet computer at work or a work-supplied smart phone for shopping or updating Facebook, so they need a new kind of IT security policy that balances access and control."