Many of our old ways of working whilst in an office, using a secured network, sometimes don’t translate directly to full-time working from home. Your staff might have started using systems and applications that your organisation hasn’t endorsed, or with known security issues, such as Trello, DropBox or Zoom.
Shadow IT may not be a term you’re familiar with, but I’m certain it’s a problem you’re currently experiencing. A 2020 study found that 64.5% of workers had created at least one shadow IT account in the last year – and, worryingly, that study was conducted before social distancing measures were enforced.
In this article I will outline:
Usage of software or hardware that hasn’t been approved or administered by your IT department is known as shadow IT. During times like this we see spikes in shadow IT. This might be, for example, due to old workflows becoming suddenly unfit for use, or when people need workarounds for limitations (e.g. strict IT rules or lockdown) to get their jobs done well.
While the use of shadow IT is understandable, IT that has not been approved by you is now responsible for keeping sensitive business information safe.
The problem with shadow IT is that without the oversight and input of IT, it is very easy for shadow IT to become an access point for cyber attacks, or for employees to unwittingly create vulnerabilities.
For example, Zoom suffered from issues with its installer being used to gain access to people’s PCs, no end to end encryption of video calls, and “Zoombombing” where users would gain access to chats and send disruptive comments or media.
So, what can you do to resolve shadow IT issues in a way that won’t frustrate staff and that is appropriate during a time of enforced remote working?
1. Start with a full audit. Look at your business. What data is most sensitive, and where is it stored? What systems do you currently have, and what are they used for?
Now audit shadow IT. Find out what tools are being used and why. Allow people to be honest with complete amnesty! Analyse the gaps in your current business tools, and how those gaps are being plugged. Create a shadow IT inventory.
2. Gain an understanding of the tools everyone needs. For example, all staff may need ways of conducting video calls, cloud storage of documents, and planning tools. But there may also be some more department-specific needs you will have to take into consideration, such as invoicing, marketing automation, or project planning.
3. Set out ways of securely using tools. Try to standardise and improve usage of new, employee-selected tools if they are helpful. You could even encourage others to use them in a secure, compliant manner. Particularly now, it is important to be empathetic to others who are trying their best. Staff will appreciate you being amenable and lenient.
Need more convincing? Shadow IT does have its benefits too. , and 80% said their companies should deploy more employee-suggested tools.
If the tools aren’t fit for purpose, create a plan for providing alternative tools and safer practices.
4. Rules are made to be broken? Yes, in an ideal world all staff would follow End User Computing (EUC) policies to the letter, but in these unprecedented times that may be slightly unfair. Cultivate a culture of trust and honesty by being as lenient as possible without compromising your business’s security or compliance.
5. Communicate to your business about new and existing tools. It would be useful for staff to know exactly what’s available, what they should be used for, and how to use them.
This will also be helpful to you as you begin to centrally administer your business systems. Also, set boundaries for what you will and can do for staff as an IT team, and what needs to be done by staff themselves.
6. Encourage communication with your IT department. Allow staff to suggest new tools, so you can vet them or guide staff towards something more appropriate.
Have someone responsible for this, so people know who to turn to with suggestions, queries and concerns. This means if a breach or issue were to occur, staff aren’t scared to report it and then don’t waste time trying to figure out who they need to tell.
7. Choose user awareness training. Your staff are your #1 security risk. If they click on a risky link, access a site that would normally be restricted in your office, download malicious software, or fall victim to a phishing email, that’s your business data that is compromised. You need to inform and educate your team on the risks, and how to avoid becoming the reason a cyber attack was able to happen. Learn about user awareness training.
8. Passwords are key (literally). Strong passwords seem obvious and simple, but this is crucial when people are signing up for websites, tools and services with their work email address. Imagine if they use the same password in a new system as they do your finance system!
It can be useful to remind, or ideally enforce, staff to regularly change their passwords. If your staff have an understanding of how to create a strong password, that can make it near impossible for password encryption software to work.
Understand whether any company domain passwords have been compromised by requesting a free dark web scan today >
By getting remote working up and going, you’ve managed to dodge a bullet of total business disruption. We know we’re going to be working remotely for at least a few more months, if not longer, and it’s changing the face of working in a business as we know it. Now is the time to optimise your systems and security – including solving the problem of shadow IT.
There are some technology solutions out there that will help you to remove the need for Shadow IT. At Cybit, for example, we use the Microsoft suite of tools which encompasses nearly every business user need imaginable. Microsoft 365 deals with office productivity, communication and collaboration (and more), while Dynamics 365 handles finance, customer service, sales, marketing.
Enable your IT administrators to oversee all devices and ensure they don’t become a threat to your business with a tool like Microsoft Enterprise Mobility + Security. This is a cloud-based service that provides end users with secure mobility and productivity, from anywhere and on any device. It makes the lives of end users and IT administrators much easier.
Instead of using VPNs and an assortment of various systems while remote working, you could use a virtual desktop solution to give secure access to your business systems in a way that won’t allow data leaks onto personal devices. Two of the biggest solutions are Microsoft Windows Virtual Desktop (WVD) and Amazon WorkSpaces.
To get an idea of what solution is best for you, get in touch to discuss your current pain points and requirements.
Let us help you as a trusted advisor to consult on the best route to gain immediate and long term benefits to your productivity, security, and compliance. Rest assured you’re working with an IT consulting firm with nearly 30 years of experience in IT consultancy, security, data management, architecting intelligent IT solutions, training, and much more.
To get started with solving your shadow IT issues and improving your security, simply get in touch today for a free telephone consultation with one of our friendly experts!
We understand there are many options to choose from and you want to make sure the tool you adopt is the right one for you.
"*" indicates required fields
Construction in Crisis! Written by Chrissie McAnelly, Cybit Data & Analytics Consultant – Construction Sector The construction sector is
Read articleBy Asiel Esgair – Cybit Data & Analytics Consultant – Public Sector & Local Authority In our
Read article
