Companies Must Prepare For Frantic Friday Employee Online Shopping

The big freeze that hit the UK at the start of December is likely to be felt in more ways than one. The big freeze means that this year’s online shopping surge is likely to be pushed back from previous years.

All the signs are that today – the 10th of December – is likely to be among the busiest days for pre-Christmas online shopping, and the bad news is that, as it’s a working day, business productivity could take a severe hit.

But perhaps more important, research suggests that in the rush to get all the Christmas present shopping done online, many employees will be opening up their employers to online security attacks, as their normally high guards will be lowered.

IBM’s Coremetrics operation reported a 94 per cent increase in the value of goods purchased online in last year’s pre-Christmas run-up, as well as the fact that the average number of presents bought online had increased from 2.7 to 3.7 presents per person in 2009.

If these figures are extrapolated to this year’s online Christmas, it becomes clear that, coupled with the big freeze, consumers’ retail shopping is certain to be curtailed in favour of the bargains to be found online. Further analysis of last year’s pre-Christmas online shopping trends showed that the busiest day tended to be towards the end of week.

Factoring in the data from Experian Hitwise’s analysis of last year’s Christmas, it’s fairly obvious that, coupled with the big freeze, the 10th of December will be a Frantic Friday as far as online retailing goes. Organisations need to be aware that the enthusiasm of their employees to do their holiday shopping online means that their normal security procedures may be compromised.

According to research which took in responses from 360-plus workers in the UK and 630-plus staff in the US, 57 per cent of employers do not prohibit the use of work email addresses for online shopping by staff. As well as increasing the risk of malware infections, the research also found that managers underestimated the productivity losses due to all their staff’s online shopping.

The survey also found that 18 per cent of those surveyed said that they thought the financial cost per employee due to productivity losses were between £500 and £3000, whilst a further 9 per cent said that the losses were between £3000 and £6,000 per member of staff. And, a further 5 per cent said they believed losses were between £6,000 and £10,000 and per person.

The survey shows the real risks that organisations are taking for failing to differentiate between employees’ working activities and obvious leisure activities in the workplace. No one likes to be accused of being a scrooge by banning a little fun in the workplace, especially at this time of year, but the lack of security policies – and their enforcement – that is highlighted by this analysis is very worrying.

It’s against this backdrop that I advise employers to seriously consider the use of separate computers – isolated from the corporate IT systems where appropriate – for online shopping in the workplace during breaks and mealtimes, and for the issue of Web email addresses such as Gmail and Hotmail, exclusively for employee’s leisure time usage.

Using this approach makes sound business and security sense, since it isolates the problem. Employers should also use IT security systems to enforce the rules, and so defend their company IT resources from a potentially devastating infection.

The report clearly shows allowing staff relatively unfettered access to the Internet for shopping purposes in the workplace can be dangerous. There is no point in employers taking unnecessary risks with their IT assets.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Peter Wood is a member of the ISACA conference committee and Chief of Operations at First Base Technologies, an ethical hacking firm in the UK.