Are employees on the web working or shopping?

By Ken Tysiac

As holiday shopping season heats up, it appears an increasing number of employees will have the freedom to engage in unrestricted e-commerce during work hours.

More than a quarter (27%) of over 2,400 CIOs at U.S. companies said in a survey that their company’s policy is to allow unrestricted access to employees for shopping online while at work. That’s up from 16% last year and 10% in 2012.

The survey by IT professional outsourcing provider Robert Half Technology was based on interviews with CIOs from companies with 100 or more employees in 24 major metropolitan areas in the United States.

“Employers recognise that some flexibility is needed to help workers successfully manage their time during the hectic holiday season,” John Reed, senior executive director of Robert Half Technology, said in a news release. “Allowing professionals to attend to the occasional personal errand at work, like holiday shopping, can make all the difference to them during this busy time of year.”

Each year, roughly the same percentage of CIOs (30% this year, 29% in 2013, and 33% in 2012) have said they block access to online shopping sites. A shrinking percentage (42% in 2014, down from 54% in 2013 and 55% in 2012) allow access but monitor for excessive use.

Unrestricted access to shopping sites for employees can pose IT security threats to organisations, according to David Cieslak, CPA/CITP, CGMA, a consultant with Arxis Technology in California. He said most malware gets onto company systems through email schemes or infected links.

“If you are allowing folks to freely roam, you increase the risks that they are going to be clicking on stuff that, in fact, could turn into a distinct threat to the organisation,” Cieslak said.

Trying to block access to certain sites can be difficult because it’s hard to predict which websites employees need to visit for business purposes. As a result, some organisations are blocking obviously objectionable sites but otherwise allowing unfettered access to legitimate web locations, according to Cieslak.

But those organisations may be monitoring employees’ web use during working hours, Cieslak said, to prevent excessive personal use of the internet during company time.

“The reality is, the employees will have personal lives,” Cieslak said. “They do need to, every once in a while, jump on a website to follow up on something that may be going on in their home life. Do we try to block that, or do we try to at least allow it but at some level keep an eye on it for reasonableness? I think that’s what many organisations do.”

Ken Tysiac ( is a CGMA Magazine editorial director.

Don't miss out on additional news and features from CGMA Magazine.
Sign up for our free weekly e-newsletter.