Nearly half of Australian employees admit to online shopping at work. What they don’t realise is that they could be compromising their employer’s cyber-security.
Services comparison website, finder.com.au, surveyed 2085 Australian workers and found almost 47% of respondents have shopped online during work hours.
There are many reasons why employees shop online at work: it is often done during breaks or the lunch hour by the time-poor or bored, corporate connectivity may be better, there may be fewer distractions than at home, and many believe that big companies have the security to make it safer to do their online shopping at work.
Could be compromising corporate security
What employees don’t know is that they could be compromising their employer’s security, especially if their employer is an SME. Small businesses are often more vulnerable, having less sophisticated cyber security systems than larger enterprises.
Many employees subscribe to and log in to a range of websites using their work email. Just last year, the Australian government said 12.5 million Australian email addresses have been published online, and that was just on a single identified server.
LinkedIn, Yahoo, eBay, Uber and most recently Twitter and Under Armour have all been hacked in recent times and their customers’ emails and logins compromised.
Even if employees are using their personal email and passwords, small- and medium-sized businesses could be in trouble if any of these passwords fell into the wrong hands and these happened to be the same passwords used to access the business network.
Compromised Email Addresses and Passwords
There is a lot of damage cybercriminals can do with the right password. Richard Smith, founder of cyber insurance company Edmund Insurance, says hackers can extort the business by using ransomware to lock down the business' network until payment is made, or they can steal client data and put it up for sale on the Dark Web.
“With an e-mail address and password, cybercriminals may be able to quickly work out how to gain access to your business network. At the very least, they are well equipped to launch phishing and/or social engineering campaigns against you.
"Even if the compromised passwords don't give them access to your business' systems, they can still try to scam the employee into paying funds into a fraudulent account."
Tips to Protect the Business
It is hard to stop people using their work email for subscriptions and online shopping, but there are steps organisations can take to protect themselves. SME owners and managers need to ensure their employees:
- Practise good password hygiene, such as using different types of characters.
- Change their passwords regularly.
- Change passwords to something significantly different from the previous one.
- Do not open email attachments they are uncertain about, such as those with poor spelling or spelling mistakes.
- Check whether an email asks them to click on a shortened URL link. Employees can check the full address without compromising security by hovering over it with the mouse or pasting it into a Google search.