RSA Europe: ISACA warns employees pose grave danger to company IT security doing their online Christmas shopping

Yves Le Roux, a principal consultant with Computer Associates and a governance, risk and compliance specialist with ISACA, said this poses a grave danger to companies as staff doing their online shopping significantly increases the risk of malware and similar infections.

"Our research suggests that 10% of office workers are planning to spend more than 30 hours shopping for presents online, something which they really should not be doing in work time", he told Infosecurity.

Speaking with Infosecurity at the RSA Europe conference in London, Le Roux said that the research suggests there needs to be a profound change in the way employers view personal internet surfing at work.

It is, he explained, highly dangerous in IT security terms for employers to allow staff to carry out personal web surfing from their office PC.

"The solution is to ban such activity in the employee's code of conduct agreement. If you do that, then it becomes possible to lock down such activities from a security standpoint", he said.

This is usually achieved by using web filters and other security software, and by educating staff as to why they should not carry out online shopping and surfing at work.

ISACA's research - which took in responses from 1500 members in nine countries - found that employees are planning to spend nearly two full working days (14.4 hours) on average shopping online from a work computer this holiday season.

The main drivers, ISACA said, are convenience (34%) and boredom (23%), but the consequent dangers from personal shopping online using the company computer include viruses, spam and phishing attacks invading the workplace, resulting in financial losses due to reduced productivity and destruction or compromise of corporate data.

ISACA said that employees who shop online from work are also likely to engage in other high-risk activities, such as online banking (51%) and clicking on email links to shopping sites (40%) as well as links from social networking sites (15%).

Yet, nearly one in five is not concerned that their online habits may affect their organisation's IT infrastructure, ISACA found.

"The reality gap between the IT department's perceptions and employees' online shopping behaviours actually represents an opportunity for IT", said Paul Williams, member of ISACA's governance advisory council.

"By educating employees and communicating common-sense online policies, IT can better protect one of an organisation's most critical assets - its IT systems," he added.

ISACA has published a list of tips to help employees and their organisations navigate this issue.

In early November, the association plans to publish a new Risk IT framework.
