Finder makes money from featured partners, but editorial opinions are our own.

Online shopping at work could expose businesses to security risks


Employees who spend time shopping at work aren't just affecting the bottom line.

Most business owners know that online shopping at work can affect the bottom line, but one cybersecurity expert says it can also expose a business to security risks.

According to online insurance specialist Edmund, employees who do a lot of online shopping are likely to enter their personal email and passwords into more sites than their non-shopping colleagues would. Small- and medium-sized businesses could be in trouble if any of these passwords fell into the wrong hands and these happened to be the same passwords used to access the businesses network.

“One of the most damaging results of recent high-profile data breaches at LinkedIn, Yahoo, Adobe, eBay, Uber, Twitter and Under Armour was that hundreds of millions of email addresses and passwords were compromised. Recently, I caught up with one of the leading threat intelligence companies in the US who showed us evidence that you can actually buy compromised email addresses and associated passwords on the Dark Web. What we saw was striking," Edmund's co-founder and director Richard Smith said in a statement.

There is a lot of damage cybercriminals can do with the right password. Smith says they can extort the business by using ransomware to lock down the business' network until payment is made or they can steal client data and put it up for sale on the Dark Web.

Even if the compromised passwords don't give them access to your business' systems, they can still try to scam the employee into paying funds into a fraudulent account.

“With an e-mail address and password, cybercriminals may be able to quickly work out how to gain access to your business network. At the very least, they are well equipped to launch phishing and/or social engineering campaigns against you,” Smith said.

Just last year, the Australian government said 12.5 million Australian email addresses have been published online, and that was just on a single identified server.

While the government is implementing its own strategies to combat cybercrime toward businesses, business owners can take their own steps to avoid it. To start with, they can train their employees to practice good password hygiene. This includes practices like using different types of characters in their passwords and changing their passwords often.

Cyber insurance is also an important safeguard against cybercrime. It is a form of business cover that protects businesses from loss due to cybercrime and from lawsuits from customers whose data was stolen during a hack.

Get a few cyber insurance quotes for your business

Business insurance feed

Picture: Shutterstock

Ask a Question

You are about to post a question on

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms Of Service and Finder Group Privacy & Cookies Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Go to site