Skip to main content

Blog12

Company blog category.

Caroline Gantt
In Blog

How CEOs Can Manage Employee Productivity During The Holiday Season

How CEOs Can Manage Employee Holiday Shopping

Your employees are shopping during work hours whether you like it or not. You might as well make it official.  Use this as a guide on how to control it now before it controls your company.

Your employees are shopping during work

According to a national study by Finder.com, 234 million hours of workplace productivity are lost to online holiday shopping. That’s not a rounding error. That’s billions of dollars in lost productivity across American businesses. 

Here’s the reality CEOs need to face: 64% of employees plan to do “workshopping” – shopping while at work – this holiday season, according to Robert Half Technology. When asked how often, 36% said a few times a week, and 8% said almost every day until they finish their shopping lists. 

The Reality CEOs Need to Face

According to FindLaw research, 50% of all Americans use work Internet for personal use, with online shopping ranking among the top five personal activities. Most companies have policies limiting this behavior, but those policies aren’t having much impact. 

Here’s why: clinical psychologist Chloe Carmichael, who specializes in stress management, explains that people shop on the clock because accomplishing personal tasks at work reduces stress by making us feel more productive. Shopping is a clear and simple task, whereas work projects can feel amorphous and harder to solve. 

More troubling: online shopping can be addictive. When we acquire things, we get a hit of dopamine, which provides a sense of fulfillment. With online shopping via credit card on company computers, the transaction feels nebulous compared to handing cash to a cashier. 

The Cybersecurity Risk Nobody's Calculating

While your employees browse Cyber Monday deals, they’re opening your network to threats. According to SlashNext’s 2023 Mobile BYOD Security Report, 71% of employees have sensitive work information on their personal devices, and 43% were the target of work-related phishing attacks on their personal devices. 

Even more concerning: 90% of security leaders say protecting employees’ personal devices is a top priority, but only 63% say they definitely have the tools to do it adequately. 

The problem: employees don’t distinguish between “work tasks” and “personal tasks” when they’re already logged into work systems. Personal shopping on work devices or work-connected personal devices means: 

  • Clicking links from promotional emails (prime phishing territory) 
  • Entering credit card information on potentially unsecured sites 
  • Downloading receipts and invoices that could contain malware 
  • Using saved company credentials while browsing third-party sites 

FindLaw notes that up to 40% of workplace internet usage involved non-work-related websites even before the remote work era. Beyond lost work hours, there’s stolen bandwidth, cybersecurity risks from viruses, and potential liability if employees engage in illegal activities online using company resources.

Strategic Options for Different Business Types

These options outline practical ways to balance productivity, morale, and cybersecurity during high-traffic shopping periods like Cyber Monday. Each approach fits a different business model—from service firms and manufacturers to startups and large enterprises—so you can choose the strategy that best matches your team structure, risk level, and operational needs.

Option 1: Give Them Cyber Monday Off

 Best for: Service businesses, professional services, agencies

Officially close the office on Cyber Monday. Not a half day. A full day off. 

Why this works: 

  • You recapture productivity the other 364 days when employees stop stealing minutes 
  • You eliminate cybersecurity risks when they shop from home on personal devices 
  • You boost morale without breaking the bank 
  • You can actually plan around the downtime instead of random productivity loss 

Implementation: Announce three weeks ahead, clear all deadlines by Friday before, set out-of-office messages, return Tuesday with full focus. 

Option 2: Designated Shopping Hours

Best for: Retail, manufacturing, businesses with shift work

Create official “shopping windows” – perhaps 12-1pm and 4-5pm daily from November 15-30. 

Why this works: 

  • Employees know when shopping is acceptable, reducing guilt and sneaking 
  • You can schedule critical work around these windows 
  • IT can increase email filtering sensitivity during these hours 
  • Provides structure without appearing draconian 

Implementation: Communicate clear windows, require use of personal devices during these times, block shopping sites outside designated hours, monitor bandwidth usage. 

Option 3: Personal Device Policy with Secure Guest Wi-Fi

Best for: Tech companies, startups, creative agencies

Create a separate guest Wi-Fi network for personal devices. Employees can shop on their phones/tablets but never on company computers. 

Why this works: 

  • Completely separates personal shopping from company network 
  • Employees maintain shopping flexibility 
  • Your IT infrastructure stays protected 
  • Easy to monitor and enforce 

Implementation: Set up segmented network now, communicate policy clearly, make guest Wi-Fi password only available to employees, disable shopping sites on company network entirely.

Option 4: Results-Only Work Environment

 Best for: Knowledge workers, remote teams, project-based businesses

Stop monitoring hours. Start measuring results. If employees hit their goals, their shopping habits are irrelevant. 

Why this works: 

  • Shifts focus from activity to outcomes 
  • Eliminates need for monitoring internet usage Attracts and retains top talent who value a
  • utonomy 
  • Naturally weeds out low performers 

Implementation: Define clear quarterly goals, weekly check-ins on progress, judge performance on results not hours logged, still maintain security protocols for company devices. 

Option 5: The Amazon Model

Best for: Large organizations, call centers, operations-heavy businesses

Follow Amazon’s approach: provide dedicated break rooms with company computers specifically for personal use, separated from work network. 

Why this works: 

  • Acknowledges reality of personal internet needs 
  • Provides controlled environment for personal browsing 
  • Keeps work devices clean and monitored 
  • Can limit timing through break schedules 

Implementation: Set up dedicated space before holiday season, install computers on separate network, limit session times, make it a privilege that can be revoked for abuse. 

Non-Negotiable Security Measures Regardless of Which Option You Choose

  1. Increase email filtering sensitivity in November-December – Promotional emails spike and many contain sophisticated phishing attempts disguised as deals. 
  2. Monitor for unusual data downloads – Employees might use customer lists for personal holiday cards. Set alerts for bulk downloads. 
  3. Restrict USB drive usage – People bring personal devices to work for holiday planning. Don’t let them connect to your network. 
  4. Double-down on Business Email Compromise awareness – Attackers know businesses move money faster during holiday promotions. Require dual verification for all payment changes. 
  5. Lock down credit card processing – If you run holiday promotions, ensure PCI compliance is airtight and only authorized personnel can access payment systems. 
  6. Require VPN for all remote workers – If employees work from home during holidays, mandate VPN usage for any work-related access. 

Legal Considerations

According to FindLaw’s employment law guidance, employers have the legal right to: 

  • Monitor all communications and computer activity on company-owned devices 
  • Read employee emails and retain copies as needed 
  • Restrict personal activities on company networks 
  • Block specific websites or categories of sites 

However, you must consider employee privacy and comply with state-specific laws. California’s CPRA, for example, extends restrictions on how employers collect, use, and share personal data from employees. This is not legal advice—always consult your own legal counsel to confirm compliance with privacy and state-specific laws.  

The Framework for Your Policy

Your internet use policy should: 

  • Clearly specify acceptable personal use parameters 
  • Explain cybersecurity risks in plain language 
  • Define consequences for policy violations 
  • Address social media, online shopping, and personal email separately 
  • Require strong passwords and prohibit unauthorized downloads 
  • Be reviewed by employment law attorney for state compliance 

You have three choices: 

  1. Fight human nature and lose productivity plus security 
  2. Ignore it and hope for the best (worst option) 
  3. Work with human nature strategically 

The worst thing you can do is have an unenforced policy that everyone ignores. That breeds contempt for all company policies and creates legal liability when you do need to enforce something. 

Pick a strategy that fits your business model. Communicate it clearly. Enforce it consistently. And make sure your cybersecurity measures are rock-solid regardless of which approach you choose. 

Your employees will shop during the holidays. The only question is whether they do it in a way that protects your business or exposes it to risk. 

For additional help for Black Friday & Cyber Monday

Call us today
Caroline Gantt
In Blog

Black Friday Cyber Threats

The Black Friday Cyber Threat You're Probably Not Prepared For

Black Friday isn’t just the biggest shopping day of the year. It‘s one of the biggest hacking days of the year.

Cybercrime Spikes 70% on Black Friday

Cybercriminal activity spikes by 70% during Black Friday, compared to regular shopping days, per CoinLaw’s 2025 data.  

For small businesses, this reality hits different. According to CoinLaw’s 2025 financial cybersecurity analysis, 56% of small and midsize businesses reported a cyberattack during Black Friday sales last year.  

While you’re focused on sales volume, cybercriminals are focused on your systems. 

The 2025 Threat Landscape: 

Allianz Commercial’s 2025 cyber risk report shows that ransomware accounts for 60% of the value of large cyber claims, and they’re predicting an uptick in loss activity from Black Friday onwards. 

But here’s what’s changed: Attackers are shifting focus to smaller firms. Ransomware was involved in 88% of data breaches at small and medium firms compared to 39% at large firms. You’re not too small to be a target. You’re the preferred target. 

What's Coming in 2026: 

Impact My Biz reports that credential stuffing incidents surged by 80% during Cyber Monday in 2023, affecting over 40 million accounts globally. With AI making phishing more sophisticated and deepfakes more convincing, 2026 will be worse unless you prepare now. 

DDoS attacks during Cyber Week are becoming standard. Imperva’s analysis shows they prevented an average of 30 hours of downtime per retail site during the 2023 holiday season, with 10 hours prevented during Cyber Week alone. 

Your Action Plan - Starting Today: 

Start Your Action Plan Today. Here is a short list of what you can do NOW, but your plan should expand on this list and take into account your own unique set of requirements and risks— 

  1. Run a cyber risk assessment now  Don’t wait until the week before Black Friday. Identify vulnerabilities in your payment processing, customer data storage, and website infrastructure. 
  2. Patch everything – Every outdated plugin, every pending security update, every “we’ll do it later” task needs to be done before November 1st. 
  3. Test your backup systems – When ransomware hits on Black Friday, you need to know your backups work. Test restoration now, not during the attack. 
  4. Implement rate limiting – Protect against credential stuffing and DDoS attacks by limiting login attempts and implementing bot detection. 
  5. Schedule security monitoring coverage – Your IT team needs to be alert during peak shopping hours. Plan coverage now. 

This isn’t about being paranoid. It’s about being prepared. The hackers are already planning their Black Friday. Are you? 

Next week: What employers can do to keep employee productivity up during the holiday season. 

For additional help for Black Friday & Cyber Monday

Call us today