top of page

The risks of online shopping at work

Looking for Christmas presents online? Stick to your personal devices for your bargain hunting, using the office computer, laptop or phone poses risks not only to the business, but also to the user.

Using a business computer to shop online comes with several risks, potentially compromising both the security of the business and the personal information of employees. Here are some of the key risks associated with this practice:

Security Vulnerabilities

Business computers may not have the same level of security as personal devices, making them more susceptible to malware, phishing attacks, and other online threats.

Data Breaches

If a business computer is used to make online purchases, there is a risk that sensitive business information or employee data could be exposed in the event of a data breach.

Unauthorised Access

Storing personal login credentials or payment information on a business computer can lead to unauthorised access. If the computer is shared among employees, it increases the risk of someone else gaining access to sensitive data.

Financial Fraud

Business computers are often linked to corporate accounts and financial systems. If compromised, cybercriminals could exploit this to engage in fraudulent financial transactions or gain unauthorised access to business funds.

Phishing Attacks

Shopping online increases the likelihood of encountering phishing scams. Employees may inadvertently click on malicious links or provide sensitive information in response to fraudulent emails or websites.

Lack of Monitoring

Business computers are typically monitored and managed by the organisation's IT department. Using these devices for personal online shopping may bypass security protocols and make it more difficult for IT personnel to detect and respond to potential threats.

Policy Violations

Many organisations have policies restricting the use of company resources for personal activities. Using a business computer for online shopping may violate these policies and could lead to disciplinary action.

Compromised Network Security

Online shopping can introduce potentially harmful software or malware into the business network, affecting other connected devices and compromising overall network security.

To mitigate these risks, it's advisable for employees to use personal devices for online shopping and to adhere to company policies regarding the use of business resources.

Employers can also implement cyber security measures such as firewalls, antivirus software, and employee training programs, to enhance overall security.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page