New research from ISACA suggests that US consumers with 'work-supplied' computing devices intend, on average, to spend nine hours shopping for gifts on them during the forthcoming holiday season. When it comes to the Bring Your Own Device (BYOD) brigade, those who use personal mobile devices for work, that average goes up to 12 hours.
According to ISACA’s 2012 IT Risk/Reward Barometer, those who mix their time between work-supplied computers and their own mobile devices will happily reveal email addresses (58%) and mother's maiden name (15%) in order to garner a 50% discount on a $100 item. This behavior leaves them open to targeted fraud and social engineering attack, and exposes their employers to a greater risk surface for good measure.
And they know it, or at least the majority would appear to as 53% agreed that they felt sharing information online had become much riskier over the last 12 months. Not that you would realise it from their actions when the research also reveals that 65% don't bother to verify the security settings of online shopping sites; 36% have link-clicked from social media sites using their work devices; 19% use work email addresses for personal activities such as online shopping; 12% store work passwords on personal devices and 11% use cloud-based services to store work-related documents without their company’s knowledge or consent.
What's more, half of the IT professionals questioned reckon that the risk of BYOD outweighs the benefits. "Companies that embrace BYOD should implement security awareness training" said Robert Stroud, ISACA Strategic Advisory Council member and vice president at CA Technologies. "ISACA recommends an embrace-and-educate approach as the best way of getting the benefits of BYOD while mitigating the associated risks."
John Pironti, an ISACA advisor and president of IP Architects LLC, says "the 2012 IT Risk/Reward Barometer shows a significant gap between what people believe and how they act. Despite considerable concern about their online privacy and security, consumers are simply not willing to give up behaviors that IT departments find to be high-risk. Enterprises need to balance employee reward and IT risk when it comes to mobile connectivity."
ISACA has also conducted another survey which reveals that businesses, on average, will lose at least $15,000 in productivity as a direct result of employee online shopping habits during work time according to some 37% of those questioned. Nearly a quarter of those asked firmly believed that the average employee will spend in excess of two whole days shopping online at work using a personal device.
