Half of UK workers will use their personal smartphone to shop online this festive season, says ISACA.
Research by the firm's 2011 Shopping on the Job: Online Holiday Shopping and BYOD Security survey revealed 13 percent shop online because they believe its faster than shopping on the high-street, while 30 percent use the web as its easier.
One in ten online shoppers said they use a dedicated retail app on their handset, although 75 percent of these said they turn off location tracking services because they're concerned about stalking and identity theft.
Furthermore, 10 percent said they use a work-supplied smartphone, while 54 percent asdmitted they use a personal device for work, which the ISACA says shows the growing trend for bring your own device (BYOD) in today's workplace. Half of those surveyed said they're more concerned about protecting their own PC or smartphone rather than their work-supplied device. A quarter also admitted they're not concerned that shopping online at work may affect their organisation's IT network.
"As they are grabbing online deals and buying gifts for loved ones with their work-supplied devices - or personal devices also used for work - employees also have to be aware that they are placing not only their own security, but also their organisation's information, at risk," said Marc Vael, director at ISACA and chair of the association's Knowledge Board.
"It is important to provide education and take precautions since the BYOD trend is here to stay."
Vael said employees should find out if their firm has a policy regarding using personally owned devices for work activities, as well as ensuring all sensitive data stored on mobile devices is encrypted and password-protected and only apps from a trusted provider are downloaded.
John Pironti, security advisor with ISACA, said there is a distinct gap between what IT departments may do and what employees understand or know about.
"For example, many employees do not realise that, as part of the process of connecting their personal device to the organisation's corporate network, they may have agreed to allow their personal smartphone or tablet to be remotely or locally wiped clean if they lose it or the organisation believes it has become compromised while storing confidential data. Setting a policy for the use of personal smart devices and effectively communicating it to employees are crucial."