Eight out of 10 UK consumers who use a computer, tablet PC or smartphone for work activities feel their online privacy is threatened, but many persist with actions and attitudes that put their privacy and security at risk, according to a new survey.

The study of 1,000 UK office workers by global non-profit IT association ISACA found that majority of respondents said that the risk of Bring Your Own Device (BYOD) outweighs the benefits, yet year over year, but there has been a 22-point percentage drop in enterprises that prohibit BYOD.  With the increasingly blurry line between work and personal devices, behaviours that put privacy and security at risk have the potential to impact enterprises.

Sharing information online is riskier than ever, say one-quarter of the respondents. And only 12 per cent say they do not think their online privacy is threatened. Yet despite these concerns, UK consumers reported engaging in the following risky behaviour: 10 per cent have clicked on links in email from people they did not know, 16 per cent have used the same passwords for work and shopping sites, 20 per cent have clicked on links from social media sites, 23 per cent have used their work email address for online shopping and 8 per cent have lost their work or personal device they used for work.

Employees’ online activities pose a special challenge to employers during the holiday season, since 69 per cent of survey participants plan to shop online during the holiday season of November and December. Of those, 27 per cent will spend five hours or more shopping on a work device and nearly 10 per cent will spend 10 hours or more.

Additionally, 44 per cent will spend five hours or more and 16 per cent will spend 10 hours or more shopping on personal mobile devices also used for work—a practice called “bring your own device” (BYOD).

The enterprise will lose £10K or more in lost productivity as a result of an employee shopping online during work hours in November and December, say 29 per cent per cent of those surveyed. Over a third believe that employee will spend on average more than a full work day shopping online during work hours using a personal computer or smartphone, and 27 per cent estimate they will spend more than a full day shopping from a work-supplied device.

Several of the “unsafe” actions consumers admitted taking were among the most worrisome to ISACA members—for example, storing work passwords on personal devices (77 per cent say it poses a high risk to the enterprise) and using online file-sharing services like Google Docs or Dropbox for work documents (75 per cent) were top two actions rated as high risk.

In fact two-thirds of organisations prohibit using a file-sharing service for company documents and 40 per cent prohibit using a personal mobile device for work purposes.  The majority (59 per cent) of respondents say that the risk of BYOD outweighs the benefits, yet year over year there has been a 22-point percentage drop in enterprises who prohibit BYOD (down from 66 per cent to 44 per cent).

“The survey shows a sizable gap between what people believe they should do and how they actually act. Given that 23 per cent of employees in the UK now use their own personal devices for work purposes—devices over which the enterprise has limited control—companies need to advocate an embrace-and-educate approach. Embrace the technology, but provide ongoing training about the personal and enterprise risks and how to avoid them,” said Marc Vael, international vice president of ISACA.