What that means to your network – and your organization
On the surface, these activities may appear relatively harmless. However, employee shopping on Black Friday can signiﬁcantly and negatively impact your company’s bandwidth, productivity, security and liability.
Bandwidth consumption does not just aﬀect web browsing by other employees. Today’s organizations are dependent on bandwidth for a broad range of processes, including data backup and synchronization, cloud-based applications and services, as well as IP telephony and videoconferencing. Depending on telecommunications contracts, increasing available bandwidth to meet Black Friday demands can be costly.
Online holiday shopping can also put a big hit on workforce productivity. It’s like taking an extended lunch break on your computer. While many salaried employees are measured by results over time spent, depending upon the nature of your organization, half or more of your employees may be engaged in by-the-hour or time-sensitive processes, where time equates directly to productivity. In these cases, time spent on shopping sites while on the clock can add up. Plus, slower aggregate bandwidth stiﬂes the productivity of those actually at work and adds administrative overhead for IT requests to resolve those slowdowns.
Of even greater concern is the security impact of online holiday shopping. Who knows whether the sites employees visit to make purchases are legitimate and aren’t sources for malware distribution. Often, employees are allowed broad access to the Internet, including unsafe sites that expose organizational endpoints to malware, via drive-by downloads, watering-hole attacks and other related exploits. Over the holidays, for example, your employees are subjected to sophisticated phishing scams that leverage convincing counterfeit websites that act as launch pads for malicious zombie and botnet attacks. Once endpoints are compromised, the malware can then communicate back to command and control centers and exﬁltrate sensitive data.
These threats also put your organization in greater risk of liability. For example, your company may be held responsible for not having reasonable controls in place to prevent the exﬁltration of credit card data or other sensitive information.