Skip to content


The Security Risks of Employee Online Shopping

The Security Risks of Employee Online Shopping

The holiday season has come and gone. While I’m sure you hoped your employees closed out the year on a high note, the reality is that they were probably a bit preoccupied with all the shopping they had to do. Throughout December 2018, analysts expected $65.5 billion worth of online transactions.

In a perfect world, you’d expect your employees to keep all of this online shopping to their personal time (outside of the office). However, more than half of employees say they’ll spend work hours shopping online during the holiday season. Amazon validated this assertion when, on the day after Christmas, it announced that 2018 was a record-breaking holiday season for the eCommerce giant.

And that’s only the holiday season. Easy access to online shopping exists year-round and as such, is a never-ending security risk for your business.

Be honest – you didn’t love every single gift you received. According to research from WalletHub, 34 percent of Americans plan to return a gift this year. For business owners, this shows the need for constant diligence to defend against cyber attacks.

While it’s important to limit risky employee behavior, the best way to secure your business is to maintain real-time visibility of your network.

Social Engineering and the Risks of Online Shopping at Work

Even if you have strict policies to block non-work-related websites on your office network, employees still find ways to visit social media profiles and eCommerce sites.

But the security risks don’t come from eCommerce sites exclusively. Sites like Amazon, Walmart, and other popular eCommerce websites won’t inject malware into your network just from employees shopping on them.

The real security risks lie in social engineering threats. Attackers know that the majority of data breaches are caused by human error. One carefully-crafted email can lure employees into opening malware-laden attachments or clicking malicious links that compromise your network.

These kinds of threats are tied directly to online shopping in the workplace. When employees shop online through your network, they’ll often log into their personal email accounts to access coupons and special deals.

One misclick as they sift through large volumes of personal emails can release a virus, ransomware, or other type of foothold in your business network. According to Rob Otten and Michael Allen at Security InfoWatch:

“Unlike corporate email, which often blocks suspicious links and attachments, personal email cannot be easily filtered for malicious content by the enterprise. Webmail content is typically delivered over end-to-end encrypted communications, such as HTTPS, allowing attachments received via personal accounts to completely bypass the organization’s content filters.”

One of the best ways to combat these online shopping threats in the workplace is to create a culture of security. When you’re continuously training employees and building awareness of potential phishing threats, you can harden the front lines of your business network without any new technology.

But awareness training can only get you so far. You can’t eliminate human error and employees will keep finding ways to shop online during work hours. To fill the gaps, you need total network visibility and real-time monitoring.

Keep Your Network Secure 24/7/365

Whether you’re up against increased online shopping for the holiday season or you need to curb the ongoing vulnerabilities throughout the year, you can’t take a set-it-and-forget-it approach to security. Simply deploying a firewall and anti-virus software won’t get the job done.

To shore up vulnerabilities related to human error, online shopping, and other risky employee behaviors, you need:

• Real-Time Monitoring: Attackers can spend days or even weeks within your network if you don’t have the proper monitoring tools and practices. Any amount of disruption can have costly repercussions, so you need real-time insights into traffic anomalies and potential threats.

• Security Operations Center (SOC): Your network is constantly evolving, and it takes a full-time team to analyze the organization’s security posture. With a SOC, you have a dedicated set of security pros who are ready to plug any holes in your network security.

• Penetration Testing and Vulnerability Assessment: Network security is no longer just about reacting to threats. You have to proactively address vulnerabilities and spot weak points that attackers could target.

These are just a few of the keys to network security that can offset the risks of employee online shopping. But for many businesses, it’s too costly and complicated to bring them all in-house.

If you want a managed security provider that can partner with you for all your network protection needs, contact us today and find out how we can help.