In a perfect world, your employees would be working hard all day long ignoring the tempting distractions the Internet brings. However, with Cyber Monday and other online holiday deals being blasted all over the place, chances are they will be shopping online, grabbing great deals while on the clock.
Small businesses have a lot more at risk than lost productivity this holiday season, experts warned. Employees browsing and shopping online can open a business up to scams and security breaches, particularly smaller companies that tend to lack adequate protection.
Michael Kaiser, executive director for the National Cyber Security Alliance, said that 77% of small businesses do not have internet security policies in place, so many employees that shop online at work aren't violating workplace protocol. For businesses that want to be upfront with their workers about shopping online on company computers, Kaiser suggests having an honest conversation.
"Start by reminding them that they have a significant responsibility to protect the information of employees and customers," he said. "That is a shared responsibility with employees. This can put the whole business at risk, and people don't understand that as well as they should."
Eduard Goodman, chief privacy officer for IDT911, advised employers to tell employees that the office is not the time to get personal shopping done.
"Let them know there is work time, and that should be separate from private time," Goodman said. "Their time shouldn’t be spent looking for buys and surfing sites."
Here are Goodman and Kaiser's tips for keeping your company information safe this Cyber Monday and throughout the holiday shopping season.
No. 1: Talk about email accounts. Goodman said businesses should make clear to workers that if they are going to shop online, they should not use a work email to login or sign up for offers.
"There are a number of reasons for that, including potential spamming after you make a purchase to spear phishing for larger, more well-known companies," he said. "This takes up company resources and opens the company up to other potential attacks."
No. 2: Update software. Kaiser said that while this tip may seem obvious, many companies don't take the time to ensure their software is up to date.
"This includes patched operating systems, current web browsers and making sure your [anti-virus] subscriptions haven't lapsed," he said.
He also added to be sure employees that are connecting to your company's server remotely over WiFi networks are only using protected sources. Unsecured networks open up your company to greater risk.
No. 3: Think about blacklisting. You can take your protection and web policy one step further and actually blacklist certain sites on company computers, Kaiser said. While some businesses do this for things like personal email sites and social media networks, businesses can also include retail web addresses.
No. 4: Use temporary cards. The experts suggested employers buying gifts online for their employees use a temporary card that can only be used once.
"A lot of times businesses will be using corporate or company cards when buying things for their employees," Goodman said. "You don't want to expose company credit or debit cards; the rules are not as generous as they are with consumer accounts."
No. 5: Use only refutable URLs. Goodman and Kaiser agreed that for those employers who are allowing employees to shop online, they should let them know not to click through email links to find buys.
Tell employees to type in URLs directly and only shop from well-known sites. Spam emails with false deals will be abundant, especially during the holiday retail rush.
"People will be flooded with amazing deals," Kaiser said. "If it looks too good to be true, it probably is."