What is Shadow IT?

For today’s, Tuesday Tech Tip I want to talk to you about shadow IT. What it is and why every business owner must have this on their radar?

What is shadow IT and why should you care? Well shadow IT is kind of a tech term that is used in the business world for when employees go out and get technology to do their job. Most of the time this is very much an act of trying to achieve something that’s not malicious at all. However, the reality is it puts your business at great risk. I’m going to give you some examples.

Let’s say that work from home policies that we’re all been implementing, allow people to work more and more from home or wherever. They need to share data from the office so they go and they put their work data into a personal Dropbox. They go online and create a personal Dropbox account and start syncing files onto their local desktop at their house. Well, that’s a big problem because now we have your company files that are now residing out on your employees desktop. The issue with this is you don’t know who else is also using the same desktop. It could be their kids playing games, or several other things could be going on. So with that, there’s a big problem. That’s just a good example. It could be anything from the employee downloading personal antivirus on their machines, thinking they’re protecting your organization, downloading it from sites, downloading print drivers that are laden with backdoor features so the bad guys can infiltrate your network. It’s basically employees doing IT items, most of the time to help, but in actuality, they’re putting your company out a lot of risks.

So what do you do to stop this? Well, you need to have a couple of things in place. First off, you need to know all the software that’s on all of your machines. Even if it’s bringing your own devices that they’re connecting with from home. You’ve got to have a way that you can determine what applications are on that network. You can also securely bring them back into the office and set up a virtual machine or let them just remote in and work off of their machine at the office. This is a very viable way to keep the security level up.

There are some other things, too that you can do as far as really having a conversation with your staff to determine if they have all of the products and solutions that they need to do their job effectively. A while back I did a study looking into this concept. One of the things is that about 55 or 60% of employees feel like they do not have the tools that they need. As well as their employer either is not aware or doesn’t care that they don’t have the tools that they need. So a simple conversation on a sync-up could go a long way to make your people happy, make a more productive, as well as keep your data safe.