201x Shopping on the Job Survey2010工作中購物的調(diào)查

1、Commissioned by ISACA ()November 2010 2010 ISACA. All Rights Reserved.Two Surveys in OneTwo separate but related surveys make up the Shopping on the Job: ISACAs Online Holiday Shopping and Workplace Internet Safety Survey. One survey was conducted with US consumers/employees. A second s

2、urvey was conducted with business and IT professionals who are members of ISACA, a nonprofit global membership association, in all geographic regions.Full details are available at /online-shopping-risks.Two Surveys in OnePart OneConsumers/Employees:Determine online behaviors of US resid

3、ents who use a work-supplied computer, laptop, netbook, notebook, tablet and/or smart phone to shop online, especially during the 2010 holiday season. Learn about:Extent of online shoppingMotivation for online shopping Approach to securityKnowledge of and adherence to corporate IT policies 2010 ISAC

4、A . All Rights Reserved.Two Surveys in OnePart TwoBusiness/IT Professionals Who Are Members of ISACA:Determine attitudes and experiences of global IT and business professionals regarding their policies and expectations of employees doing online shopping on work devices.Survey results from 3,307 busi

5、ness and IT professionals who are members of ISACA in five geographic regions around the world. Results are available in the global aggregate or broken down by region at /online-shopping-risks.Key TakeawaysConsumer/Employee Survey:Employees will shop less, but take bigger risks online d

6、uring the 2010 holiday season. Approximately half as many as last year (23 percent vs. 52 percent) plan to use a work-supplied device to shop online. They plan to spend an average of six hours shopping online (vs. 14 hours in 2009) using a work-supplied device. BUT, more people are doing activities

7、that could put their employer at risk, e.g., clicking on links in e-mails (52 percent in 2010; 40 percent in 2009), providing work e-mail addresses to online shopping outlets (28 percent in 2010; 21 percent in 2009) and clicking on a link at social networking sites (19 percent in 2010; 15 percent in

8、 2009).(continued on next slide)Key TakeawaysConsumer/Employee Survey (continued):Cost to the employer is estimated at US $1,000 or more per employee, with many IT professionals putting the number as high as US $15,000. Increase in the number of people who assume that the IT department is ensuring t

9、hat their work-supplied computer or smart phone has the most recent security patches (41 percent in 2010; 30 percent in 2009) Increase in the number of people not concerned that online shopping at work may affect their organizations IT network (24 percent in 2010;17 percent in 2009).The increasing u

10、se of mobile devices is making “shopping on the job” riskier.Almost half of those who will be shopping online with a company device will use a laptop, tablet, smart phone or similar device. Key TakeawaysBusiness/IT Professional (ISACA Member) Survey:The IT mindset is shifting from prohibiting online

11、 shopping to setting limits. The number of organizations prohibiting employees from shopping online using a work computer has dropped to 11 percent. Instead, IT staffs are allowing use but setting limits: 49 percent limit online shopping using a work computer. Similarly, the number of organizations

12、prohibiting employees from accessing social networking sites has dropped to 11 percent. 53 percent of respondents believe their organization loses US $1,000 or more per employee as a result of an employee shopping online during work hours in November and December. Almost one-fifth put the number at

13、US $15,000 or higher.For mobile devices, an overwhelming majority (84 percent) ranked the risk of using a mobile shopping application on a work-supplied device as high or moderate. Despite that, 42 percent allow employees to use work-supplied mobile devices for personal use and 41 percent use their

14、own mobile devices for work.Key TakeawaysWhy are more employees taking risky actions online?Organizations are doing a better job of educating employees about computer security, but that may be creating complacency, causing employees to assume that IT can handle all security breaches.ISACAs survey fo

15、und that 25 percent of people are not concerned that their online shopping behavior may affect their organizations IT network. This shows that educating employees about security needs to be ongoing and that it needs to gain the employees personal buy-in.Key TakeawaysOnline Shopping Risks:Social engi

16、neering and phishing attacks, malware and information breaches that can cost companies thousands per employee to correct, millions in compromised corporate data and severe damage to their reputation Mobile Device Usage Risks:The same social engineering and phishing attacks, plus “mobile malware” and

17、 data breaches due to lost or stolen devicesKey TakeawaysHow should organizations address these risks?Organizations should use an “embrace and educate” approach. They should apply proper risk management and implement security controls to mitigate the risks of phishing attacks, malware and data breac

18、hes. All of this needs to be supported by workplace communications and education.A ban of mobile devices is usually not effective. Mobile technology can offer enterprises a range of highly valued benefits, from increased productivity to improved employee morale to better customer service. Organizati

19、ons should create an easily understood and executable policy that protects against risks related to leaking confidential data and malware. This policy should also take into account the growing “personalization of IT”i.e., the fact that many employees are using their own mobile devices for work activ

20、ities.Compare Consumer ResultsChanges Between 2009 and 2010 Surveys:Fewer people are shopping online in 2010, but those who are doing it are taking bigger security risks and are less concerned about their own role in reducing risk.Approximately half as many plan to use a work-supplied device to shop

21、 online (23 percent in 2010 vs. 52 percent in 2009).Average amount of time shopping online on work devices is six hours (vs. 14 hours in 2009).More people are taking risky actionsclicking on an e-mail link (52 percent in 2010; 40 percent in 2009); clicking on link on social networking site (19 perce

22、nt in 2010; 15 percent in 2009); using a work e-mail address (28 percent in 2010; 21 percent in 2009).More people assume the IT department is ensuring that their work-supplied computer or smart phone has the most recent security patches (41 percent in 2010; 30 percent in 2009).MethodologyFor Part On

23、e (consumer/employee version) of the survey: ISACA included 10 questions in a weekly national omnibus conducted by M/A/R/C Research. The survey was fielded online between 27 September and 4 October 2010. The total sample was 2,853 respondents; 638 qualified for the survey based on having shopped onl

24、ine using employer computers. Study results have a margin of error of 3.9 percent at the 95 percent confidence level. MethodologyFor Part Two (IT/business professionals who are ISACA members) of the survey: A related online survey was conducted by ISACA between 27 September and 4 October 2010 among

25、3,307 ISACA members in North America, Central/South America, Europe, Asia and Oceania. ISACAWith 95,000 constituents in 160 countries, ISACA () is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent