Australian IT executives concerned about shopping online at work: ISACA

Half of IT professionals in Australia expect company employees to do more online holiday shopping at work, which could lead to reduced productivity and increased security risks, a new survey from the risk management industry group, Information Systems Audit and Control Association (ISACA) has found.

The Australian edition of ISACA’s online holiday shopping and workplace internet safety survey found that 65 per cent of respondents believed that employees will spend three hours or more shopping online using work computers or mobile devices in November and December.

Nearly one-quarter of respondents estimate that employees will spend the equivalent of more than one full workday shopping online on company devices.

Due to lost productivity, nearly 60 per cent of IT professionals estimate that their organisations will lose $985 or more per employee that shops online at work while 20 per cent estimate the loss will be $14,800.

Check out IT's biggest money wasters

Only three per cent of organisations prohibit employee online shopping at work, with less than one-quarter of organizations prohibiting employees from accessing social networking sites at work.

Instead of preventing personal use of work computers and mobile devices, survey respondents say their organisations choose to safeguard from attacks to protect against web based attacks (82 per cent), monitor employees’ web usage (68 per cent) and educate employees about securing their work related and personal mobile devices for enterprise use (49 per cent).

According to ISACA mobile security project leader, Mark Lobel, the number of portable computers and mobile devices in the workplace is only going to increase, so companies need to create a realistic security policy that lets employees stay mobile without compromising the company’s intellectual property.

"To balance productivity and security, the IT mantra should be embrace and educate."

Lobel advises employees who are shopping online not to click on an e-mail or web link that is from an unfamiliar sender or looks too good to be true.

“Be very careful with the company information on your notebook, tablet or smart phone and use a privacy screen shield on mobile devices.”

He said that the IT department should team up with human resources to promote awareness of internet security policies, encrypt data on devices and use secure browsing technology.

Read more about IT executives in Computerworld's Careers Section