There’s probably a massive hole in your cyber security. It’s probably been there for years. You probably already know about it you may even be the main culprit behind it. And you probably don’t even realise it’s a security risk: Shadow IT.
Shadow IT refers to the use of any hardware or software in a company that is not approved by the IT department. Examples include: employees using different software to edit photos, storing company files on their personal flash drives, or simply using a different internet browser to check their email.
It’s estimated up to 80% of employees use Shadow IT at work to complete their daily tasks. Shadow IT is a widespread occurrence in the workplace and should be prevented whenever possible because of the many problems it creates.
Why It’s Risky
It may not seem like a big deal for an employee to use different software or hardware at work, but it can create many problems for a company. The main problem is security if your IT team doesn’t know about it, they can’t keep it secure. Software that has not been approved by the IT department may have vulnerabilities that would allow a hacker to gain access to the company network and view all company data.
Even safe, legitimate software and apps can have security holes and vulnerabilities that need to be patched. Again, if your IT doesn’t know it’s there, they can’t install the necessary patches to close the holes.
Another reason shadow IT is dangerous is that it can prevent data from flowing freely to all who need it in a company (example: an employee may be using personal software or hardware to store company data). This is particularly dangerous because the IT department cannot make sure all this data is being backed up in case of data loss.
Why Employees Use It
Shadow IT poses a severe risk, but employees do not use Shadow IT with malicious intent. Instead, employees use Shadow IT because they view different software or hardware as able to make their jobs easier and more efficient.
Employees grow frustrated with the software that they are given and find better ways to accomplish a task. Sometimes this is because the tools they have just aren’t up to the task. It can also happen because of a lack of training. You can give your employees the best tools in the world to do their job, but if they don’t know how to use them, it’s as good as no tools.
How to Prevent It
The best way to prevent Shadow IT is to give employees the right tools and the right training to do their job.
A great way to make sure employees have the necessary tools is to listen to what they are saying about the tools that they have been given. Employees often know of software or hardware that can make their work more efficient, and they should be listened to about these tools.
Once IT is aware of the software or hardware that employees want to use, they can take the necessary steps to make sure these tools are safe to use for company work. Make this a quick turn around process, though. If it takes weeks for the IT team to approve a new app or software, though, people will be more likely go around it.
One more extreme way to enforce this is to only give admin accounts on computers the rights to download programs.
Shadow IT is common, and many do not see the harm in using unapproved programs or hardware in their work. However, shadow IT is not as innocent as these people think. Shadow IT creates security risks to your network, stops data from being backed up, as well as prevents other employees in your company from being able to access data they need.
Employees need to understand the risks that are involved in using unapproved software or hardware, and need to be educated on how to use the software or hardware they are expected to work with.
Shadow IT can be a significant security risk, or it can be an opportunity for a company to grow as it better learns how its employees work, and how to supply them with tools to make their work more efficient.
If you’re in the Brisbane area and would like to find out more about this or other IT topics, please don’t delay Contact QCS Group, at 1300 858 723 or by sending us an email to: firstname.lastname@example.org