Online Christmas Shopping: Grab A Bargain, But What’s The Risk?


More people than ever are using their personally owned smartphones to send and receive e-mails, browse the Internet, shop online and visit social media sites—as well as perform work activities or even connect to the company network.

And with the holiday season fast approaching, it is perhaps not surprising that more than half of employees in the UK will do more online shopping this year than they did last year. According to a survey, 50% of UK employees questioned will use their smartphones to shop online between early and mid-December.

As the line between personal and work devices continues to blur, potentially putting corporate data at risk, it is critical for companies to embrace the technology, and educate their employees on the risk.

The survey shows that shoppers are moving toward online shopping from smartphones to get bigger bargains and avoid crowds. The research found that 13% of respondents choose to shop online because e-shopping is faster than brick-and-mortar shopping, and 30% say they primarily shop online because it is easier than heading to the stores.

About one in 10 online shoppers uses shopping apps—although it is interesting to note that a number of users are concerned about revealing their geolocation, with a hefty 75% saying they would turn off user location tracking because of fears surrounding stalking and identity theft.

And it’s not just geolocation that has online Christmas shoppers worried, as many users reported they were concerned about smartphone security generally. Nearly 10% of respondents use work-supplied smartphones, while 54% say they use personal devices for work, showing a growing trend known as bring your own device (BYOD)—there is not just a risk to the user’s device and data, but also to the user’s employer.

Half of the UK respondents to the survey said they are more concerned with protecting the security of their own PC or smartphone than their work-supplied computer or smartphone. A quarter of respondents said they are not concerned that shopping online at work may affect their organisation’s IT network.

The number of people who are not concerned about their organisation’s IT network is concerning, as is the number of employees who use a personal device for work. As they grab online deals and buy gifts for loved ones with their work-supplied devices—or personal devices also used for work—employees also have to be aware that they are placing not only their own security, but also their organisation’s information, at risk.

It is important to provide education and take precautions since the BYOD trend is here to stay.

It’s with this in mind that I provide tips to help employees manage their personal smartphones, tablets or notebooks that they also use for work activities:

  • Find out if your company has a policy for using personally owned devices for work activities
  • Understand what happens if that device is lost or stolen
  • Sensitive data stored on mobile devices should be encrypted and password-protected
  • Only load apps from a trusted provider

There is a distinct gap between what IT departments may do and what employees understand or know about.

For example, many employees do not realize that, as part of the process of connecting their personal device to the organization’s corporate network, they may have agreed to allow their personal smartphone or tablet to be remotely or locally wiped clean if they lose it or the organization believes it has become compromised while storing confidential data. Setting a policy for the use of personal smart devices and effectively communicating it to employees are crucial.


Marc Vael, CISA, CISM, CGEIT, CISSP, is chief audit executive at Smals, a large Belgian IT organization with more than 1,800 people working for the Belgian federal government. He has more than 15 years of experience in evaluating, designing, implementing and monitoring solutions on risk and information security management, incident and business continuity management, data protection/privacy, and IT audit. An ISACA member for more than 15 years, Marc is also vice president of the ISACA Belgium Chapter, chair of ISACA’s Cloud Computing Task Force and Knowledge Board, member of ISACA’s Strategic Advisory Council, and past chair of the ISACA Communities Committee. He has been a visiting lecturer at Antwerp Management School (AMS) since 1997 and a deputy member of the Flemish Privacy Commission since 2010.

  • watchesandmore

    I do think the “bargain” outweighs the “risk”.