Happy Holidays! As you make online purchases, and try to make the extra stressful 2020 shipping deadlines, please remember to be extra vigilant about online security. We thought the tips below from our vendor partner Zix/AppRiver* would be helpful to share with your staff:

Majority of SMBs estimate employees are holiday shopping with a business-use device

• 82% of all SMB executives and IT decision makers surveyed estimate “many” of their employees will shop online this holiday season using a work computer or a business-use device, on which business and customer data are also stored and transmitted .

• Holiday shopping online using a business device appears to be highly prevalent . Education, Financial Services and Insurance, Government, Manufacturing, Media, Nonprofit, Technology and Telecom, and Transportation and Logistics are among key industries in which over 85% of all executives surveyed estimate “many” employees would be using a business device to shop online this holiday season .

• The propensity for executives to believe many of their employees will shop online at work or using a business-use device is even higher among those at larger-sized SMBs . 88% of executives at medium-sized SMBs with 50–149 employees and 90% of executives at largest-sized SMBs with 150–250 employees believe many of their employees will be doing so this holiday season .

SMBs know the practice is a security risk, but most have no plan to stop it

• Among the majority of IT decision makers who know employees would be holiday shopping using a business-use device, 61% admit they know this increases cybersecurity risks for their business and customers, but they believe it is a fact of life, and there is not much they can or plan to do about it .

• 64% of executives at medium-sized SMBs (50–149 employees) and 68% at large-sized SMBs (150–250 employees) say there is nothing they could do to stop the practice they know to be risky .

3 in 10 are not aware the practice is in fact risky

• Perhaps equally troubling as executives who know it is risky but plan to do nothing, 32% of all IT decision makers surveyed were not previously aware shopping with a business-use device could expose their organization to higher cyberthreat risks .

• Nearly half (48%) of all IT decision makers at nonprofit organizations admit they did into know the practice could increase their security risks .

Half do not trust employees could detect a fake retailer link

• Compounding the risks of shopping online using a business device, nearly half (49%) of all surveyed estimate most of their employees would not be able to spot an illegitimate link posing as an online retailer in potential phishing attempts .

• Among these executives and IT decision makers, 4 in 10 lack confidence that they themselves could consistently distinguish an illegitimate link from a real one .

• In several highly regulated industries where employees have access to sensitive data — including Financial Services and Insurance (52%) and Healthcare (63%) — over half are pessimistic and believe most of their employees would not be able to distinguish a fake retailer’s link in a phishing attempt from a legitimate one . 92% in Financial Services and Insurance and 78% in Healthcare believe many of their employees will be holiday shopping using a business-use device .

Many employees are expected to shop online using a business-use device this
holiday season. 6 in 10 employers are aware this imposes cybersecurity risks, but are not doing anything about it.

Nearly half of all SMBs surveyed lack confidence that most employees can tell the difference between an illegitimate link from a cybercriminal posing as a fake online retailer and a legitimate one.

*The Zix | AppRiver Cyberthreat Index for Business was developed by independent firms Idea Loft and Equation Research, in consultation with the University of West Florida Center for Cybersecurity, using survey data collected online in October 2019.

The survey has a + / – 3% margin of error. The national sample of respondents comprises 1,049 C-level executives and IT decision makers in small-to-medium-sized businesses and organizations with 1–250 employees (SMBs). 74% of these SMBs have compliance requirements.