Shadow IT Software
Can’t find the font you need? Download it – for FREE! Need to edit a video to send to customers – there’s an app for that! Want to impress with a swanky new type of presentation? Download amazing trial presentation software.
Are you familiar with the scenarios above? There’s a need to get something done in a hurry, to look great, or to solve a problem but there isn’t the right software to do it. Simple – Google it and find an application to download that will solve all your problems effortlessly and often for FREE!
So, where’s the issue?
As we’ve mentioned recently, Shadow IT (the use of unauthorised IT) can pose significant risks to the security of your business.
Downloading unauthorised software onto company laptops and PCs is a familiar and prevalent form of Shadow IT. It’s so incredibly quick to find and download the tool that will save the day. Unfortunately, whilst the day may be saved, the year may be doomed! If that one little piece of software contains a virus the harm wreaked could be devastating.
Once the virus is on one machine it can then infect others within the network. Passwords could be stolen, data taken for unscrupulous use, files corrupted, email addresses used for spamming and more. There is the potential for high ransoms to be charged for data return, for data to be erased and for hard drives to be permanently damaged. Consequences can be long term, prove costly and risk severe reputational damage.
Why is Shadow IT Software used?
Team members that download Shadow IT Software onto company machines rarely undertake it maliciously. If anything, they’re probably trying to impress, save money and be efficient. The keen employee may not wish to get bogged down in what they view as a longwinded paper trail to obtain the software they need. They simply want to get on with the job.
So, how can you prevent the enthusiastic team member from downloading software from an unauthorised source?
Training is vital.
Explain to new team members why they mustn’t download software without permission, and keep giving the same messages during staff meetings and training sessions. We’d like to reinforce the ‘why’ element here. Simply forbidding people from doing things without an explanation could be viewed as autocratic. Equally, presenting them with a form filling process for software acquisition may seem bureaucratic. By reinforcing the significant risks and consequences to the business through the use of Shadow IT will ensure teams understand the reasoning behind the processes and procedures needed to obtain new software.
Once the ‘why’ is clear consider the ‘how’.
How will team members go about acquiring the software they need to do their jobs to the best of their ability? Make communication channels as direct and as clear as possible. Ensure team members are listened to when they explain why they need software. If you are in a position to supply what they need – great! But if you aren’t you need to be clear as to why they can’t have the software and whether there are any plans to acquire it (or similar) in the future.
To conclude, communication is key to helping prevent Shadow IT. Additionally, we can help. Ask Net Primates about Shadow IT and how it can be prevented.
You may also advise your teams to sign up for the Net Primates newsletter where we regularly provide information on IT Security, the risks of poor security and how to mitigate against breaches.