December 5th 2013
As the ecommerce landscape evolves and becomes more convenient to consumers, many employees will conduct secret shopping excursions while at work in an effort to hide activity from their significant others. Rather than trying to stamp out these activities, which will likely cause individuals to carry out these tasks in secret, executives should consider raising awareness regarding safe shopping tips, as this will reduce the chance that people accidentally expose personal or sensitive information. A CSO report highlighted some of the advice that experts are passing on to business leaders.
No Wi-Fi allowed
Employees who do wish to use their mobile devices to shop at work should not be able to do so over the organization's Wi-Fi network, CSO reported. The fact of the matter is that the threat landscape is sophisticated enough to breach a large portion of the endpoint security tools that come standard within consumer smartphones or tablets. If this perimeter is breached and cybercriminals gain access to the corporate network, there is no telling what kind of storm could come next.
Because most consumers have some sort of data plan, executives should encourage individuals to use these connections to carry out online shopping, CSO noted. This will improve the security of a firm's confidential resources without prohibiting employees from shopping at work – even if the idea is slightly taboo. The unfortunate truth is that people will often circumvent policies for the sake of convenience. For this reason, it is often better to compromise than to fall into a trap in the long run.
Type in passwords
Saving passwords is never a good idea, especially when people are conducting online shopping activities and are forced to provide sensitive financial information to make a purchase. In addition to ensuring that all websites begin with an "https," which indicates it is hosted on a secure connection, CSO encouraged employees to physically type in passwords instead of saving them in the browser.
Although typing in passwords is much more time-consuming than simply clicking an approve button, it also means individuals will be less likely to have their confidential information saved online, which can then be accessed by cybercriminals for malicious purposes. At the same time, however, employees need to be aware of scams that encourage users to change passwords.
Watch out for phishing
Cybercriminals are out in full force during the holiday season, hoping to catch negligent or unaware users off guard. Phishing is a particularly common tactic used by malicious outsiders. This strategy involved using false ads and other promotional content to encourage individuals to change sensitive information, such as passwords, or check that data is accurate.
Recently, phishing incidents have become increasingly sophisticated, making it harder for everyday-tech users to identify malicious activity. A ThreatSim study found that 84 percent of companies in a recent survey have experienced a phishing attack. This suggests that businesses around the world need to become more familiar with how these occurrences are carried out and common tactics that may identify a possible threat.
In today's business environment, it can be difficult to tell employees "no" and actually guarantee that individuals will abide by those rules. Instead of facing long-term consequences brought about by data protection issues after workers decided to conduct holiday shopping while in the office even after being told not to, executives should support these tasks and raise awareness of how to carry out these activities in a safe manner. In doing so, enterprises can mitigate risk and improve employee satisfaction at the same time.