How to prevent Shadow IT
Over the last few weeks, we’ve mentioned Shadow IT in its various guises, including cloud-based, software downloads and personal devices.
As a recap, Shadow IT is any form of IT that is being used within an organisation that hasn’t been approved for company use. Most of the time the Shadow IT is brought into the business by well-meaning team members who want to do their jobs efficiently. But, unfortunately, the risks of using Shadow IT are significant and will often outweigh the advantages of its use.
Whether using the cloud, software or a device, unauthorised IT will have circumnavigated normal security procedures. Viruses could have been imported, fraudulent links clicked and data made insecure. Data could therefore be stolen, machines devastated and ransoms demanded.
Communication is key to helping your teams understand why they shouldn’t use Shadow IT. Help them recognise the possible consequences of bypassing company procedures. Also, let them know that you’re listening to their requests for new software, better devices and speedier systems.
There is another step that you can take which is to contact Net Primates.
Let us help!
We’ll start at the beginning with Company Policy. By documenting what is allowed and what is not allowed clarifies the situation for all. Policy information can then be translated into HR terms and conditions, and training plans created. The policy can also lay out who can buy software and devices – ideally this should be the domain of the purchasing department, obtaining items using company credit cards; personal credit cards for business use should be avoided at all costs.
Monitoring activity is also an area that Net Primates can cover on your behalf and we recommend quarterly meetings to keep you abreast of any Shadow IT situations that have arisen. This is also an ideal opportunity to discuss any new threats, concerns you may have about software/device requests and focus on areas where training is needed.
Finally, we’ll make it impossible to download software that hasn’t been approved! Whilst communication is key, there are instances where simply blocking activity goes a long way to mitigate risks.
You may also advise your teams to sign up for the Net Primates newsletter where we regularly provide information on IT Security, the risks of poor security and how to mitigate against breaches.