Online Shopping At Work Puts Businesses At Risk

Online Shopping

2011 saw a huge rise in online shopping. The surge of buyers on ‘Cyber Monday’ in the run-up to Christmas and the early pre-Boxing Day online sales during the festive season contributed hugely to the number of people rushing to make their purchases on the web. Worryingly however, the rise in online shopping is also leading to a rise in a less desirable phenomenon of cybercrime.

The technology we have at our disposal today has given thieves countless ways to access personal information, particularly when sensitive data such as credit card details are stored online. Even a corporate email inbox can provide identity thieves with a wealth of information to commit identity theft.

Moreover today, the rise of the mobile workforce and use of the cloud means that workers can use their own personal smartphones or tablets to access shopping sites online. These same devices are also used to connect to corporate networks and access corporate data.

As such, the use of these devices for personal online transactions can pose a significant hacker risk to companies, if precautions are not taken. A 2011 ISACA ‘Shopping on the Job’ survey found that nearly one-third (32 per cent) of people who shop online will do so using a device they also use for work purposes, which is 15 per cent more than in 2010.

Because enterprise devices can often be vulnerable to outside attacks, it is crucial for companies to protect themselves using up-to-date security features in order to properly manage their business. A personal identity, if in the wrong hands, can be highly destructive and high profile cases (such as Sony in 2011) can open a company to lawsuits. Just like individuals, businesses are at risk from identity theft and the losses can be much larger, which makes them a particularly attractive target for criminals.

Third party research showed that over 39 per cent of workers had written down their corporate passwords in order to remember them and 34 per cent admitted to sharing their password with others. This is incredibly worrying; reports, memos and even post-it notes with a user’s password scribbled on it can yield an enormous amount of highly personal and sensitive data.

Workers that log on to do their shopping online and leave passwords to their computers lying around often fail to realise that losing their identity also jeopardises the company and colleagues connected to them. These people believe their online identity to be a safe and trusted source of information.

Unbeknown to them, this is not the case. The use of our personal online identities increasingly in everyday life is fast becoming the norm and it is becoming increasingly important for organisations to have policies in place that can deal with these developments in a secure and user-friendly way. This is where identity management comes in to play.

Identity management refers to the policies, processes and technologies that enforce rules about access to digital resources by establishing user identities. With an identity management system, a user can employ a single digital identity to access all of their resources. Federated identity management puts the focus on users.

By ensuring reliable access from multiple locations, federated identity systems provide a measure of mobility. It removes the need to replicate databases of user credentials for separate applications and systems and offers improved security, both for digital resources and for users’ personal information.

With employees traversing the Internet with highly sensitive data, the connection has to be secure to protect the user, enterprise and service provider. The importance of online security cannot be underplayed; a survey found that 37 per cent of UK internet users would cite ‘secure browsing’ as the biggest contributor to improving their online experience.

Users are also demanding direct access to external resources and improved ease of use with Internet single sign-on (SSO), while still being confident in their information and identities being protected. Federated Identity Management can meet this need and at least set employer’s mind at rest that while online shopping may not be productive, at least it can remain secure.

Clare Rees is marketing director at Ping Identity, a provider of cloud identity security solutions to more than 700 of the world's largest companies, government organisations and cloud businesses. Clare has worked in the IT industry for 20 years. Her career began in database application companies and continued through the growth of Web application development at companies like Macromedia and Adobe.