In a world where businesses either pride themselves on their security solutions, or have woefully unsecured networks, you need to understand that one of the most common threats to sensitive corporate data comes from within your organization. User error is the leading cause of data loss and security-related problems, although, it’s important to remember that they often have good intentions that may result in an unfortunate outcome.
One way this happens is with what’s called shadow IT. This is the implementation of technology solutions that may not be sanctioned by your organization’s IT department. For example, an employee might choose to download a free antivirus if they see that their workstation’s antivirus software license has expired. Or, if they don’t have a word processing solution, they may look for alternatives on the Internet. While they may have only good intentions when implementing the solution, this can lead to several security discrepancies that could put your data at risk.
Another way that this might happen is when an employee is working hard on a project in order to meet a deadline, but the software license expires and they are no longer able to access the tools they need to continue working. Rather than go through the proper channels (especially if IT is bogged-down with work, and is unresponsive to urgent requests), the employee might choose to take matters into their own hands and find a solution that works. The employee can now get back to doing their job, but they’ve just implemented shadow IT, which is a major red flag for businesses.
When it comes to shadow IT, the primary concern is the source of the solution. Where did the software that your employee found come from? Depending on what exactly they downloaded, it could be a seemingly-benign open-source software from a reputable website. However, if they found it on some ad-encrusted sketchy corner of the Internet, you might be in trouble. Freeware is often exploited by hackers to spread their influence, knowing full well that people will download it and use it, rather than pay for a software license from a reputable vendor.
The best way to prevent shadow IT is to control the permissions that you provide for your employees on their workstations. Downloading a new software solution often requires administrator permission, so when you remove these permissions from a workstation, you’re forcing the employee to go through the proper channels when requesting a new software to work with. It also helps to educate your employees on how to use the technology solutions your business has adopted--as another reason why they might choose to use something different could be the fact that they’re unfamiliar using other applications.
In general, having a responsive IT department can minimize the trouble that your team has with its IT solutions can be a great deterrent for shadow IT. When they don’t run into hiccups, and they are comfortable using your business’s technology solutions, they won’t feel the need to implement additional solutions that can put your company’s data at risk.
To learn more about shadow IT, and the threats that it poses for your business, reach out to us at 301-869-6890.