MUMBAI, India--(2011 ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security” more than half of IT professionals in India (56%) believe the risk resulting from employees’ use of personal mobile devices for work activities currently outweighs the benefits. Yet, since more than a third of enterprises in India allow personal devices to be used for work, global nonprofit IT association ISACA urges enterprises to embrace the technology and the benefits it brings, while educating employees on the potential risk.)--India is one of the fastest growing mobile markets worldwide and the domestic mobile phone market is increasingly moving toward smartphones. According to the India edition of the “
“Between lost productivity, the dangers of unsecured networks, and the potential to lose small items, mobile devices pose many risks that must be managed to obtain their substantial benefits.”
More than 4,700 ISACA members in 84 countries—298 from India—participated in the 2011 Shopping on the Job survey, which examined risky online behaviors at work. Nearly 60% of IT professionals in India say that their enterprise prohibits employees from accessing social media web sites from work-supplied devices. Thirty-eight percent limit the use of work-supplied mobile devices for personal use and 45% prohibit employees from shopping online using a work-supplied device.
Yet 92% of respondents say employees will spend at least 2-4 hours shopping online during work hours, and more than 56% say employees will spend 6 hours or more. Fifty-six percent believe their enterprise loses INR 50,000 to INR 2,50,000 per employee who shops online during work hours using work-supplied devices. To minimize the costly risk, 52% of the polled companies prohibit the use of work e-mail addresses for online shopping and 56% have a security policy that covers mobile devices. Additionally, 70% of organizations provide training on the policy and 68% have technology to protect against web-based attacks.
Shopping from company-issued devices
“As companies increasingly provide employees with laptops and smartphones—or allow employees to use personal devices for work— work and personal activities continue to blur. This results in heightened risk to enterprises because of the danger that cookies and other tools used by online sites could gather other information from the systems,” said Mr. Niraj Kapasi, IT auditor and chair of ISACA’s India Task Force. “Between lost productivity, the dangers of unsecured networks, and the potential to lose small items, mobile devices pose many risks that must be managed to obtain their substantial benefits.”
Loss of a company-supplied device is considered high risk to the enterprise by 91% of respondents in India.
While the use of applications with geolocation is increasing, 41% of respondents in India say their enterprises don’t provide security guidance on it. Geolocation is valuable, but employees need education on when to enable and disable it. ISACA’s five-step ROUTE helps minimize geolocation risk:
- Read mobile app agreements to see what information you are sharing.
- Only enable geolocation when the benefits outweigh the risk.
- Understand that others can track your current and past locations.
- Think before posting tagged photos to social media sites.
- Embrace the technology, and educate yourself and others.
Full results of the fourth ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security are available at www.isaca.org/online-shopping-risk.
The nonprofit ISACA (www.isaca.org) has more than 95,000 members and attests IT skills and knowledge through the CISA, CISM, CGEIT and CRISC certifications.