Employers who allow freedom of web use are not educating their staff about online risks.
ISACA has carried out three simultaneous surveys (two in the US and one in the UK) to look at the latest trends in online shopping and workplace internet safety. It has revealed that companies are allowing employees to shop online but do not educate users about risk, exposing them to spam, malware, phishing and loss of productivity in the workplace.
Only 21 per cent of respondents said their organisation's employees fully understood the risks associated with shopping online from their workplace computers. More than 82 per cent said their organisation either does not have, or they are not aware of, a policy that prohibits employees from shopping online.
Thirty-two per cent of organisations that allow online shopping educate employees about the risks. Despite this, over 40 per cent of organisations thought they were going to lose an average of £2,000 or more in productivity per employee from online holiday shopping at work during November and December.
Just over one in 10 organisations had security measures in place to prevent employees from shopping online at work.
In a separate survey of 973 US consumers, ISACA found that 63 per cent of employees plan to shop online from their work computer during November and December, but 26 per cent do not know how to check, or do not bother to check, whether a website is secure.
One third of workers were more concerned about the security of their personal computer than their work computer, but among younger workers aged 18-25 this figure rose to 49 per cent who paid less attention to the security of their employer's computer. A quarter of employees either did not check or were not sure how to check if a website was secure before they made a purchase.
Lynn Lawton, international president of ISACA and the IT Governance Institute, said: “Shopping from the workplace looks set to continue, especially with the increased pressures inevitable in a recessionary environment. It is clear that more needs to be done to improve employee awareness of the hidden dangers of shopping online, particularly regarding clicking on links from unsolicited emails or making sure that a website is safe before shopping.
“The challenge for organisations is not only to educate workers about information security, but also to change their behaviour. For example, it is one thing to make someone aware that it is wrong to click on a link from a spam email, but quite another to change their behaviour so that they do not click on these suspicious links.”