The survey also found an increase this year in the number of employees who take risky actions online, such as clicking on an e-mail link or providing their work e-mail address when shopping online.
These behaviors open the door to social engineering and phishing attacks, malware, and information breaches that can cost companies millions and inflict severe damage to their reputation.
As more employees make use of portable devices such as smart phones, laptops and tablet computers, these threats can increase.
Downloading malware is also a concern when employees use the Internet for personal reasons.
Many employees may not be concerned with security controls and may not know about the potential risk to information assets that can result from online shopping expeditions, such as viruses and spyware that can affect their company’s data integrity and network availability.
Managing digital natives and workplace technology
Companies have several choices when it comes to trying to reduce the risks posed by employees shopping online at work or using work-supplied devices. They can ban personal activities outright or they can avoid issuing policies and hope that their network security technology will keep threats at bay. Or they can go for a middle ground – adopt an “embrace but educate” approach. Acknowledge the reality that employees, especially digital natives, are going to use social networking and e-commerce sites liberally and blur the boundaries between personal computers and work-supplied ones, and educate them about risks and risk-reducing behaviors.
This is not solely the IT department’s problem. Safe use of a company’s IT assets crosses many areas of the company, including the legal, human resources and corporate communication departments. To protect your company and its assets during the holiday shopping season and beyond, make sure the relevant stakeholders in your organization have come together to develop and communicate a clear and realistic policy about online behavior and use of devices. Include the reasons why to increase the chances of compliance among the digital natives in your workforce.
Then get ready to update it again in another five years. That’s about when Gen Z, an even more tech-savvy group than the current crop of digital natives, will be ready to invade the workplace.
Robert Stroud, CGEIT, is international vice president of ISACA and service management and governance evangelist at CA Technologies.