ISACA Survey: Bring Your Own Device (BYOD) Trend Heightens Online Holiday Shopping Risk

November 1, 2011

Tools

Online shoppers to spend 18 hours shopping on devices also used for work

ROLLING MEADOWS, Ill.--(BUSINESS WIRE)-- Shopping online for the holidays is up, with a 15 point increase in the percentage of Americans who say they will spend more time shopping online than in 2010. But according to ISACA’s fourth annual Shopping on the Job Survey, more than half the time spent shopping will be on devices also used for work, which poses significant risk to corporate networks and information.

The “2011 ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security” found that online shoppers plan to spend 32 hours on average shopping online this holiday season, with 18 of those hours on a work-supplied device or a personal device used for work—a trend called “BYOD” (bring your own device). People are increasingly tech-savvy: use of mobile applications has nearly tripled since last year’s survey, 29 percent click on deal sites such as Groupon, and 7 percent scan quick response (QR) codes.

BYOD Is Here to Stay

ISACA, a nonprofit professional association of 95,000 IT audit, security and governance professionals, also conducted a separate survey of more than 4,700 of its members from 84 countries. The member survey shows that they believe that their organizations are increasingly challenged to deal with BYOD.

“The consumer survey shows that two-thirds of employees ages 18 to 34 have personal devices they use for work purposes. BYOD is here to stay, so education and precautions are needed,” said Robert Stroud, CGEIT, CRISC, past international VP of ISACA and VP and service management, cloud computing and governance evangelist at CA Technologies.

Location Tracking

Consumers are concerned about new features like mobile device location tracking. Fully 74 percent say they would turn off tracking due to potential stalking or identity theft. A third of consumers (34 percent) have clicked on a link in a social media site (up from 19 percent in 2010) and more than 1 in 10 (13 percent) click on e-mail links from unknown sources.

“ISACA’s survey shows that employees are unwittingly adding risk to businesses. The role of BYOD is bigger this season, so organizations must embrace its use and educate employees about security,” said Ken Vander Wal, CISA, CPA, international president of ISACA.

The consumer survey shows that 16 percent of respondents say their organization does not have a policy prohibiting or limiting personal activities on work devices, and another 20 percent do not know if their enterprise has one.

“There is a gap between what IT departments may do and what employees understand,” said John Pironti, CISA, CISM, CGEIT, CRISC, CISSP, security advisor with ISACA and president of IP Architects. “Many employees don’t realize that, as part of the process of connecting their personal device to the organization’s network, they may have agreed to allow their personal smartphone or tablet to be remotely or locally wiped clean if they lose it or the organization believes it has become compromised while storing confidential data.”

Employee Tips

ISACA offers tips for employees with personal devices also used for work:

Understand policies you agree to for connecting to corporate networks.
Understand what happens if your organization considers your device a security risk.
Follow ISACA’s five-step “ROUTE” for geolocation.
Enable security features, including encryption and passcodes.
Ensure you have current operating systems and updates.

About the Survey

The fourth ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security gauges attitudes and behaviors related to online shopping, and blurring boundaries between personal and work devices. It is based on October 2011 online polling of 4,740 ISACA members from 84 countries, including 1,678 members from the US. A separate online survey was fielded among 1,224 US consumers by M/A/R/C Research in September 2011. At a 95 percent confidence level, the margin of error for the total sample is +/- 2.8 percent. Full results: www.isaca.org/online-shopping-risk.

About ISACA

With 95,000 constituents in 160 countries, nonprofit, independent ISACA (www.isaca.org) offers the CISA^®, CISM^®, CGEIT^® and CRISC™ designations.