December 02, 2008

 

With Cyber Monday (News - Alert) and the increase in online shopping, it is important for companies to examine whether or not their systems are ready to handle the surge. In the area of contact centers, it is important to communicate what is acceptable for online shopping and the inherent threats.

Organizations that allow their employees to shop online without also educating them about risks are exposing employees and the company to spam, malware, phishing and loss of productivity.

According to a recent U.K. survey of ISACA members, 21 percent of respondents reported that their organization’s employees fully understood the risks associated with shopping online from their workstations.

More than 82 percent of respondents indicated that their organization either does not have or they are now aware of a policy that prohibits employees from shopping online. Only 32 percent of organizations that allow online shopping actually educate employees about the risks.

Not surprisingly, many companies do recognize the potential loss associated with online shopping while on the job. More than 40 percent of organizations believed they would lose an average of £2,000 or more in productivity per employee from online holiday shopping at work during November and December.

"Shopping from the workplace looks set to continue, especially with the increased pressures inevitable in a recessionary environment,” said Lynn Lawton, CISA, FCA, FIIA, FBCS CITP, international president of ISACA and the IT Governance Institute, in a statement.

 

“It is clear that more needs to be done to improve employee awareness of the hidden dangers of shopping online, particularly regarding clicking on links from unsolicited e-mails or making sure that a web site is safe before shopping,"

"The challenge for organizations is not only to educate workers about information security, but also to change their behavior. For example, it is one thing to make someone aware that it is wrong to click on a link from a spam e-mail, but quite another to change their behavior so that they do not click on these suspicious links," added Lawton.

In a U.S. survey, ISACA found that 63 percent of employees plan to shop online from their work computer during November and December. Unfortunately, 26 percent do not know how to or do not bother to check whether a Web site is secure.

"It is clear that we still have a long way to go in making sure that employees think before they click on a link. There are literally millions of web sites infected with malware. If someone just clicks on a link in an e-mail, they are compromising the security of their PC and potentially the security of the whole organization, said Paul Williams, MBCS, FCA, CITP, past international president of ISACA, in a statement.

Any organization that relies heavily on its network, servers and workstations to conduct business should be educating their employees about the risks associated with online shopping. For contact centers, productivity and efficiency can be greatly impacted, shrinking the bottom line.