Online Shopping Potential Network Threat

Break out the mistletoe and the Bing Crosby / David Bowie duets- its time for the holidays! What's that you say? Your house is still awash in orange and black, you haven't come down from your Halloween sugar-high, and you still have to throw out the rotting pumpkin on your front porch?

Well, you may have noticed that part of the annual holiday ritual over the past few years has been to start the season progressively earlier. So, Walmart and Best Buy already had Black Friday caliber deals last weekend with laptops for $300, Bacardi is already running their holiday ads of "drink lots of our rum...but enjoy the holidays responsibly" on TV, and some radio stations (like WNIC in Detroit) are already running a 24/7 Christmas music format through the end of the year. With the economy in a collapse and a government that can't make up their minds how best to utilize the $700 Billion blank check they were given to fix it, vendors and retailers are starting even earlier to try and grab their share of the limited holiday shopping pie.

Well, a survey of 3,100 IT professionals conducted by ISACA (Information Systems Auditing and Control Association) shows that a majority of users intend to do holiday shopping from work. 63% plan to shop from company computers on work time, 40% of those say they will probably spend up to 5 hours doing so. That is a double financial hit to employers- they lose the productivity of the workers while they surf and shop, as well as the investment in hardware, software, and network resources being abused for purposes other than conducting company business. Of course, most companies have some sort of AUP (acceptable use policy) that defines how employees can use company resources, and many of those actually allow or condone some amount of personal activity. So, that part is not necessarily the end of the world.

The bigger threat to the employer comes from unsuspecting employees visiting unscrupulous sites and possibly exposing the network to malware, bots, or other threats. Many employees also use their company email accounts which could result in an increase in spam flooding the company email server, or even expose sensitive information. An article about this study from Dark Reading ends with this: "In a parallel survey of IT professionals, ISACA found that nearly half (46 percent) believe that their companies will lose an average of $3,000 or more in productivity per employee from online holiday shopping at work. More than half (55 percent) also reported that their company permits workers to shop online, but has no strategy for educating them about the risks."