Like it or not, when your employees return back to work after the Thanksgiving holiday, a good number of them are going to spend their break time (and some work time) doing a little (or a lot) of holiday shopping. Last year, comScore found that half of Cyber Monday shopping was conducted from a work computer. It is likely those numbers will be similar this year.
If your company has found a way to stop employees from doing personal shopping on work-owned devices, congratulations, because I know that isn’t easy. But it isn’t just work-owned devices to be concerned about. Employees who use BYOD for work purposes are also shopping on those same devices. The folks at Qualys have done some research that should give anyone pause about mixing shopping and work. At the Laws of Vulnerabilities blog, Wolfgang Kandek wrote:
Over the past 12 months we have been collecting data from over 1 million typical end-user computers and their installed browsers. From this research, we have found that more than half of the tested machines have critical vulnerabilities. These vulnerabilities allow cybercriminals to take remote control of your machine, search your disk drive for valuable information, monitor all keystrokes and e-commerce transactions, and intercept private information, such as usernames and passwords, credit card numbers and bank account details.
Kandek said it doesn’t matter which browser you are using — they all have risk associated with them, and the biggest risk areas are found in the plug-ins we use. He stated:
Our research shows that the worst plug-in is Java, installed on 82% of all tested machines, with over one third of all installations vulnerable, closely followed by Adobe Flash, which is installed on over 67% of all tested computers, with 24% left vulnerable.
What can you do to make sure your employees aren’t putting your network at risk while they search for the best possible bargain? You can turn to a tool like BrowserCheck, which instantly scans users’ browsers looking for vulnerabilities in the browser and its plug-ins, providing links to fix any issues detected. I ran it on my browsers, and even though I keep on top of updates, there were a few vulnerabilities I didn’t know about. Even the most vigilant among us let things slip.
So before your employees attempt to ring up their first sale, you might want to remind them that the bad guys will use a variety of tactics to steal everything from payment information to confidential corporate documents. Ensuring browsers are ready is just one more thing to do on that holiday checklist.