UK consumers say they'll spend more time shopping online than in 2010. But according to the UK edition of ISACA's fourth Shopping on the Job report, two-thirds of this time will be on devices also used for work, posing significant risk to enterprises.

The 2011 ISACA survey into shopping at work and bring your own device BYOD security found that UK respondents plan to spend 29 hours shopping online this holiday season, 23 of which will be spent on a work device or a personal device also used for work-the BYOD trend – and 9 of which will take place during work hours.

Research published independently during October, by the Office of National Statistics, shows that £1 in every £10 is now spent online. Unsurprisingly, ISACA's study found that half of employees say they will spend more time holiday shopping online this year than last year.

ISACA, an independent nonprofit association of 95,000 IT audit, security and governance professionals, conducted the Shopping on the Job Survey in two parts: consumer surveys in the US and the UK, and a global survey of more than 4,700 of its members in 84 countries.

Use of personal devices for work-typically more difficult to secure than work devices-means sensitive corporate information may be compromised.

"The UK consumer survey shows that 54 percent of employees have a personal device they use for work. BYOD is here to stay," said Marc Vael, director, ISACA. "However, since most ISACA members say the risk outweighs the benefits, education is strongly needed."

Some 75% of UK consumers say they would turn off location tracking because of risk like stalking or identity theft. More than a third of UK consumers have clicked on a social media link and 15% click on e-mail links from unknown sources.

"ISACA's fourth online holiday shopping survey shows employees are unwittingly risking bringing viruses and malware into work. New this holiday season is growing BYOD, so organisations must focus on embracing emerging technology and educating employees on security," said Ken Vander Wal, international president of ISACA.

ISACA offers tips for employees:
Find out if your company has a policy for using personal devices for work.
Understand what happens if that device is lost.
Follow ISACA's five-step "ROUTE" for geolocation. http://www.isaca.org/About-ISACA/Press-room/PublishingImages/ISACA-ROUTE-v2.gif
Encrypt and password-protect sensitive data on the device.
Only load apps from a trusted provider.

The UK consumer survey shows that 10 percent say their organizations don't have a policy prohibiting or limiting personal activities on work devices and 20% don't have a policy regarding work activities on personal devices.

"There is a gap between what IT departments do and what employees understand," said Christos Dimitriadis, international vice president, ISACA, and head, information security, Intaralot SA. "Corporate IT security professionals need to raise their game to secure systems against the risk involved."

Share Story: