VoicePlus Blog

Shopping online at work is cyber-security risk for business

10 July 2018 by Michael Giffney 0 Comments

Nearly half of Australian employees admit to online shopping at work. What they don’t realise is that they could be compromising their employer’s cyber-security,

online shopping at work-921035-edited


Services comparison website, finder.com.au, surveyed 2085 Australian workers and found almost 47% of respondents have shopped online during work hours.

There are many reasons why employees shop online at work - often it is done in breaks or the lunch-hour by the time-poor or bored, corporate connectivity may be better, there may be fewer distractions than at home, and many believe that big companies have the security to make it safer to do their online shopping at work.

Could be compromising corporate security

What employees don’t know is that they could be compromising their employer’s security, especially if their employer is an SME. Small businesses are often more vulnerable, having less sophisticated cyber security systems than larger enterprises.

Many employees subscribe to and log in to a range of websites using their work email. Just last year, the Australian government said 12.5 million Australian email addresses have been published online, and that was just on a single identified server.

LinkedIn, Yahoo, eBay, Uber and most recently Twitter and Under Armour have all been hacked in recent times and their customers’ emails and logins compromised. 

Even if employees are using their personal email and passwords, small- and medium-sized businesses could be in trouble if any of these passwords fell into the wrong hands and these happened to be the same passwords used to access the business network.

Learn about EMM with VoicePlus

Compromised Email Addresses and Passwords

There is a lot of damage cybercriminals can do with the right password. Founder of cyber insurance company Edmund Insurance, Richard Smith says hackers can extort the business by using ransomware to lock down the business' network until payment is made or they can steal client data and put it up for sale on the Dark Web.

“With an e-mail address and password, cybercriminals may be able to quickly work out how to gain access to your business network. At the very least, they are well equipped to launch phishing and/or social engineering campaigns against you.

"Even if the compromised passwords don't give them access to your business' systems, they can still try to scam the employee into paying funds into a fraudulent account."

Tips to Protect the Business 

It is hard to stop people using their work email for subscriptions and online shopping, but there are steps organisations can take to protect themselves. SME owners and managers need to ensure their employees:

  • Practice good password hygiene, such as using different types of characters.
  • Change their passwords regularly.
  • Change passwords to something significantly different from the previous one.
  • Do not open email attachments they are uncertain about, such as those with poor spelling or spelling mistakes.
  • Check if the email wants you to click on a shortened URL link. Employees can check the full address without compromising security by hovering above it with the mouse or pasting it into a Google search.

 VoicePlus Cybersecurity Asif Mahmud

Related Blogs


Latest Posts

New call-to-action