Will Shadow IT Kill Your Business?

Are your employees insecurely sharing critical files?
Are they making their own IT decisions?
Do you even know what is really going on?
What can you do to stop it?

What is Shadow IT?

Shadow IT is the set of unapproved and unauthorized IT solutions that employees use on their own, including consumer-grade file sharing, personal e-mail, remote computer access, thumb drives, and computer and cell phone backup services. Companies that have invested heavily in network security are finding out that their own users, most with good intentions, are risking proprietary and legally protected company data by bypassing the rules (and the IT department).

 

Why do people like Shadow IT?

As consumers we love FREE. Free online sharing. Free e-mail.

We love EASY. Easy to install. Easy to understand. Easy to use. Easy to access from anywhere.

We also like CHEAP (but not as much as free). Cheap online backup. Cheap thumb drives. Cheap smartphones and tablets. Cheap Cloud solutions. Cheap remote access tools to connect from home. Cheap enough to pay for and expense without getting permission from the IT department.

Employees want to work from home or a remote office, so they e-mail customer lists and business documents to their personal e-mail addresses. Or they may copy them to thumb drives or save them to Dropbox or a similar consumer-grade file sharing service. E-mail and file sharing services synchronize to their smartphone, which may be automatically backed up through their cellular carrier in case their phone is lost or stolen. When they quit or are terminated, will you even know your data was lost? Even if you wipe their phone, your data may still be in the phone's online backup. Ouch.

How can this kill your business?

Data is like gold. It can include confidential or proprietary information that your company depends on to exist. Think of your version of the Coca-Cola formula or the Kentucky Fried Chicken recipe. It also includes your customer lists, proprietary designs and processes, business and marketing plans, contracts, HR and payroll records, salaries, commission plans, protected financial or health care information, student records, passwords, security codes, data covered by confidentiality agreements, and more.

What if your employees are malicious?

I have dealt with distraught business owners whose employees embezzled; stole customer lists and business data to take to a new employer or start a competing business; deleted important files to get even; lost devices that contained protected information and created reportable data breaches; and stored company files in free e-mail systems whose terms and conditions allowed the provider not just to read the mail, but to publish it.

What can you do?

There is no single answer. You need to combine Administrative, Physical, and Technical safeguards to stop Shadow IT.

  1. Educate your workforce about the risks of using consumer solutions, which don’t adequately protect your data. Use reminders so they don’t forget and they know you are serious.
  2. Implement policies and sanctions, and enforce your requirements.
  3. Regularly assess your devices and inspect them for file sharing tools, remote access tools, and any data you don’t want to leave your organization. Remove anything not authorized.
  4. Implement DLP (data loss prevention) and MDM (mobile device management) tools to protect a critical asset: your data.
  5. Work with your IT department or solution provider to identify secure tools to enable your employees to accomplish their goals so they don’t need to come up with their own solutions.