According to a study published yesterday by ISACA, a nonprofit association of IT professionals, many end users are planning to do hours of online shopping from their office computers this holiday season, and their efforts could threaten system security.
The study, which surveyed 973 consumers and more than 3,100 IT professionals, indicates that 63 percent of employees plan to shop online from their workplace computers.
The most prolific shoppers are those in the 18-24 age bracket. Forty percent of those in this bracket said they will spend up to five hours doing online shopping from their desks. Ironically, this group is the least concerned about the security of their work PCs -- almost half said they pay more attention to the security of their home machines than to the security of their office machines.
"This survey clearly shows that younger employees are more likely to engage in online activities at work that put a business's IT infrastructure at risk," said Kent Anderson, a member of ISACA's Security Management Committee. "The fact that [they] are planning to spend the equivalent of more than half a workday doing holiday shopping from their work computer, combined with their lack of concern for how secure their computer is, points to an urgent need for employee education."
Providing a workplace e-mail address to an online retailer can leave a computer network open to a variety of threats, ISACA observed. "Yet more than two in 10 (22 percent) respondents have clicked on an email link to go to a retailer's Website from their workplace computer and used their company email address as the contact for a purchase," the study says. "In addition, one in four (26 percent) respondents either does not check or is unsure how to check the security of a site before making a purchase."
In a parallel survey of IT professionals, ISACA found that nearly half (46 percent) believe that their companies will lose an average of $3,000 or more in productivity per employee from online holiday shopping at work. More than half (55 percent) also reported that their company permits workers to shop online, but has no strategy for educating them about the risks.