December is the time of year when corporate computer networks are most at risk from virus infections because more employees may be Christmas shopping while at work.
That’s according to Andy Harbison, director of IT Forensics with Grant Thornton.
“Typically, employees make use of their company mail accounts for e-commerce, increasing the chances that their address will be exposed to scammers and spammers,” Harbison said. “This makes it more likely that malware will be uploaded on computers.”
Harbison said this can be an issue because there are plenty of fake sites on the internet, and malware loaders can even be found on legitimate sites.
“The kind of user who only uses their computer for personal matters at Christmas is likely to be a relatively unsophisticated user, and therefore more vulnerable to the kind of scams that occur on the net,” he said.
“This is because users who do not normally use computers for private browsing make use of their company machines to look for gifts. Employees who normally use their work computer for private browsing tend to view sites they might not normally view,” Harbison added.
Harbison’s comments follow the release of the 2011 ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security – Europe survey of European business and IT professionals who are members of ISACA.
In response to the question ‘What security measures, if any, has your enterprise put in place to limit or prevent employees from shopping online using a work computer or smartphone?’, most (55pc) said they have a policy in place that addresses online shopping. The percentage is even higher when it comes to having technology in place to protect networks from web-based attacks, at 73pc of respondents.
Twenty-eight per cent of respondents block retail websites and 47pc monitor their employees’ internet usage.
However, just fewer than that amount (43pc) allows employees to use corporate IT assets and time for personal purposes to promote a work-life balance, while 39pc said their enterprises restrict employees’ use of IT assets and time for personal purposes due to security concerns.