ISACA Survey: Online Christmas Shopping – grab a bargain, but what’s the risk?


Employees potentially increasing risk as they use corporate smartphones—or personal smartphones that they also use for work—to shop online.

London, UK – 15 December 2011 - More people than ever are using their personally owned smartphones to send and receive e-mails, browse the Internet, shop online and visit social media sites—as well as perform work activities or even connect to the company network. And with the holiday season fast approaching, it is perhaps not surprising that more than half of employees in the UK will do more online shopping this year than they did last year. According to ISACA’s 2011 Shopping on the Job: Online Holiday Shopping and BYOD Security survey, 50% of UK employees questioned will use their smartphones to shop online between early and mid-December. As the line between personal and work devices continues to blur, potentially putting corporate data at risk, it is critical for companies to embrace the technology, and educate their employees on the risk.

The survey shows that shoppers are moving toward online shopping from smartphones to get bigger bargains and avoid crowds. Dipping into the research, ISACA, a global, non-profit professional association, found that 13% of respondents choose to shop online because e-shopping is faster than brick-and-mortar shopping, and 30% say they primarily shop online because it is easier than heading to the stores.

About one in 10 online shoppers uses shopping apps—although it is interesting to note that a number of users are concerned about revealing their geolocation, with a hefty 75% saying they would turn off user location tracking because of fears surrounding stalking and identity theft.

And it’s not just geolocation that has online Christmas shoppers worried, as many users reported they were concerned about smartphone security generally. Nearly 10% of respondents use work-supplied smartphones, while 54% say they use personal devices for work, showing a growing trend known as bring your own device (BYOD)—there is not just a risk to the user’s device and data, but also to the user’s employer.

Half of the UK respondents to the ISACA survey said they are more concerned with protecting the security of their own PC or smartphone than their work-supplied computer or smartphone. A quarter of respondents said they are not concerned that shopping online at work may affect their organisation’s IT network.

Commenting on these results, Marc Vael, director at ISACA and chair of the association’s Knowledge Board, said the number of people who are not concerned about their organisation’s IT network is concerning, as well as the number of employees who use a personal device for work.

“As they are grabbing online deals and buying gifts for loved ones with their work-supplied devices—or personal devices also used for work—employees also have to be aware that they are placing not only their own security, but also their organisation’s information, at risk,” Vael said. “It is important to provide education and take precautions since the BYOD trend is here to stay.”

It’s with this in mind that ISACA provides tips to help employees manage their personal smartphones, tablets or notebooks that they also use for work activities:
- Find out if your company has a policy for using personally owned devices for work activities.
- Understand what happens if that device is lost or stolen.
- Follow ISACA’s five-step “ROUTE” for informed use of geolocation.
- Sensitive data stored on mobile devices should be encrypted and password-protected.
- Only load apps from a trusted provider.

“There is a distinct gap between what IT departments may do and what employees understand or know about,” said John Pironti, CISA, CISM, CGEIT, CRISC, CISSP, security advisor with ISACA and president of IP Architects. “For example, many employees do not realize that, as part of the process of connecting their personal device to the organization’s corporate network, they may have agreed to allow their personal smartphone or tablet to be remotely or locally wiped clean if they lose it or the organization believes it has become compromised while storing confidential data. Setting a policy for the use of personal smart devices and effectively communicating it to employees are crucial.”

The complete survey results are available at www.isaca.org/online-shopping-risk.

About the 2011 ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security
The ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security—which is now in its fourth year—helps gauge current attitudes and organisational behaviours related to the risk and rewards associated with online shopping, and the blurring boundaries between personal and work devices. The study is based on an October 2011 online polling of 4,740 ISACA members from 84 countries, including 137 professionals from the UK. A separate online survey was fielded among 1,000 consumers in the UK in October 2011 by Eskenzi PR. To see the full results, visit www.isaca.org/online-shopping-risk.

About ISACA
With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the non-profit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfil their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Follow ISACA on Twitter: http://twitter.com/ISACANews
Join ISACA on LinkedIn: ISACA (Official), http://tinyurl.com/42vbrlz
Like ISACA on Facebook: www.facebook.com/ISACAHQ
Collaborate with ISACA members: www.isaca.org/knowledge-center

For full results of the survey please contact:
Neil Stinchcombe, Eskenzi PR, +44 207 183 2833
Hannah Rafferty, Eskenzi PR, +44 207 183 2836