
RSA Europe: ISACA warns employees pose grave danger to company IT security doing their online Christmas shopping

23 October 2009

International research completed by ISACA, the not-for-profit IT security association, suggests that, with the Christmas holiday season fast approaching, staff at many companies are planning to do a sizeable slice of their present buying online, thereby posing an IT security risk.

Yves Le Roux, a principal consultant with Computer Associates and a governance, risk and compliance specialist with ISACA, said this poses a grave danger to companies as staff doing their online shopping significantly increases the risk of malware and similar infections.

"Our research suggests that 10% of office workers are planning to spend more than 30 hours shopping for presents online, something which they really should not be doing in work time", he told Infosecurity.

Speaking with Infosecurity at the RSA Europe conference in London, Le Roux said that the research suggests there needs to be a profound change in the way employers view personal internet surfing at work.

It is, he explained, highly dangerous in IT security terms for employers to allow staff to carry out personal web surfing from their office PC.

"The solution is to ban such activity in the employee's code of conduct agreement. If you do that, then it becomes possible to lock down such activities from a security standpoint", he said.

This is usually achieved by using web filters and other security software, and by educating staff as to why they should not carry out online shopping and surfing at work.

ISACA's research - which took in responses from 1500 members in nine countries - found that employees are planning to spend nearly two full working days (14.4 hours) on average shopping online from a work computer this holiday season.

The main drivers, ISACA said, are convenience (34%) and boredom (23%), but the consequent dangers from personal shopping online using the company computer include viruses, spam and phishing attacks invading the workplace, resulting in financial losses due to reduced productivity and destruction or compromise of corporate data.

ISACA said that employees who shop online from work are also likely to engage in other high-risk activities, such as online banking (51%) and clicking on email links to shopping sites (40%) as well as links from social networking sites (15%).

Yet, nearly one in five is not concerned that their online habits may affect their organisation's IT infrastructure, ISACA found.

"The reality gap between the IT department's perceptions and employees' online shopping behaviours actually represents an opportunity for IT", said Paul Williams, member of ISACA's governance advisory council.

"By educating employees and communicating common-sense online policies, IT can better protect one of an organisation's most critical assets - its IT systems," he added.

ISACA has published a list of tips to help employees and their organisations navigate this issue.

In early November, the association plans to publish a new Risk IT framework.

 
