What is Shadow IT? Knowing the risks and how to manage it

When the pandemic began, businesses had to quickly come up with a solution to make sure everyone had access to company systems and data from home, which led to many staff using their own devices and preferred software to work.

But how many of these were checked by your IT provider? Shadow IT refers to any IT system, app, hardware, or technology used within a business without the knowledge and approval of your IT team.

 

Why do people use Shadow IT?

One of the biggest reasons employees adopt Shadow IT is simply to work more efficiently. According to reports by CIO Insight, 49% of business employees use non-registered apps because they’re familiar with them and they’re easy to use. Workers also adopt new technologies that can help them be more productive.

This may be a quick fix, but if your IT provider is left in the dark about which platforms and apps employees are using, it becomes far harder to prevent cyberattacks or quickly recover when they do happen.

 

What are the risks?

 

Cybersecurity

The main risk of Shadow IT is security. Unchecked software leads to security gaps, and these can create new opportunities for hackers. Devices that lack the anti-virus, malware protection and monitoring that company systems have are vulnerable.

Hackers can gain access to a vulnerable device that’s connected to a corporate network (this could be someone’s personal laptop or smartphone) and use it to steal data or launch a DDoS attack.

With Shadow IT, there’s also a chance that an unapproved application or piece of software doesn’t ensure data backups and that employees haven’t thought about creating a proper recovery strategy. So if something happens, important data may be lost.

 

Unpatched software

Software providers constantly release new patches to resolve vulnerabilities and fix errors found in their products. Usually, it’s up to your IT provider to keep an eye on these and apply them across your network.

But when it comes to Shadow IT, your administrators can’t keep all products and devices up to date simply because they’re unaware that they exist. Cyber criminals frequently rely on people running outdated software, which they can then exploit.

 

Compliance issues

Devices and software unauthorised by your IT provider make it impossible to meet security standards such as PCI-DSS (Payment Card Industry Data Security Standard) and regulations such as GDPR. This could lead to fines and even lawsuits or reputational loss.

Under GDPR, you are obliged to process users’ personal data lawfully, fairly, and transparently. But without knowing all of the software used by your employees, you can’t ensure that only authorised employees can access sensitive data. If people are working from home or hybrid working, it’s likely that other people may be sharing the same device.

 

How to reduce the risks of Shadow IT

The best thing you can do to mitigate the risk of Shadow IT is ensure your IT system is managed efficiently – here are some of our suggestions:

 

Have policies in place

If your company is without a strong Bring Your Own Device (BYOD) or Mobile Device Management (MDM) policy, you’re more likely to be open to attacks and data breaches.

Having a secure device policy in place helps you to clearly identify all employee devices and software being used, to establish security protocols and device boundaries, and to wipe a device that’s been lost or stolen.

 

Speak to your employees

Encourage employees to be transparent about what software they use. This will help you detect the use of risky software/devices, and also embrace new technology. It may be that tech adopted by your employees turns out to be more efficient than the standard ones you use already.

Remember that allowing staff to use their own devices helps them to be more productive, allows for remote/hybrid working and gives them flexibility. It’s best to gather all the information about the devices and software they need to do their jobs now, so that you can keep everyone happy and secure.

 

Educate employees

It’s important that you educate your employees on the possible consequences of using software that’s not been approved.

Understandably, when they are busy at work, people may forget to mention additional tools they use, but hopefully understanding the potential risks and consequences of adopting new tech will make workers think twice before trying new software without consulting your IT provider.

Make sure your employees are able to reach your IT provider easily, so that they can suggest and agree on software that meets both security requirements and employees’ expectations.

 

Monitor networks

Monitoring what happens within your company network will help your IT provider to gather information about the software, applications, and web resources your employees work with. You can then detect who in your company starts using unapproved IT solutions and when.
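As an added illustration (not part of the original article), the sketch below shows how that detection can work: it reads web proxy log lines, compares each requested host against a list of approved services, and reports the first time each user reached an unapproved one. The log format, host names and approved list are constructed for the example.

```python
from datetime import datetime

# Assumed allowlist of sanctioned services (constructed for this example).
APPROVED = {"office.example.com", "crm.example.net"}

# Constructed proxy log lines: ISO timestamp, user, requested host.
SAMPLE_LOG = """\
2024-03-04T09:01:12 alice office.example.com
2024-03-04T09:05:40 bob files.fileshare.example.org
2024-03-04T09:07:03 alice mail.office.example.com
2024-03-05T14:22:51 bob files.fileshare.example.org
2024-03-05T16:10:09 carol notes.example.io
malformed line
2024-03-06T08:30:00 alice NOTES.example.io.
2024-03-06T08:45:00 dave my-office.example.com
"""

def is_approved(host, approved=APPROVED):
    """True if host equals an approved domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in approved)

def first_unapproved_use(log_text, approved=APPROVED):
    """Map (user, host) -> earliest timestamp an unapproved host was seen."""
    first_seen = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records rather than crash
        stamp, user, host = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # skip records with an unparseable timestamp
        host = host.lower().rstrip(".")  # normalise case and trailing dot
        if is_approved(host, approved):
            continue
        key = (user, host)
        first_seen[key] = min(when, first_seen.get(key, when))
    return first_seen

def report(log_text):
    """Return sorted report lines: who started using what, and when."""
    rows = sorted(first_unapproved_use(log_text).items(), key=lambda kv: kv[1])
    return [f"{when.isoformat()} {user} {host}" for (user, host), when in rows]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Matching on a leading dot means a lookalike host such as my-office.example.com is not treated as a subdomain of the approved office.example.com.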

 

Above all, understanding the risks of Shadow IT will help you to face this growing threat. But if your employees’ application use is getting out of hand, and you fear that your current IT provider can’t keep up with the demand for the best applications, we can help.