Keep Shadow IT from Killing Your Business
ata sprawl is bad enough. Having us- ers decide on their own to implement IT solutions can kill a business.
Shadow IT
Shadow IT is when employees bypass business processes and policies and use un- secure and unmanaged consumer-grade IT solutions for corporate data. Users set up their own free online sharing, remote access, smartphone backups, wireless access points, thumb drives, and other unauthorized risks that they thought were just making their lives easier. They may need access to their data from home or while traveling and don’t realize that they are creating security and compliance risks for their business. Shadow IT is mostly adopted by good people with good intentions, but in some cases it is used maliciously to steal proprietary data.
Too Easy
It is now so easy and inexpensive – often free – for someone to bypass company IT policies and procedures. Users view data casually, not as a valuable business asset or something that if lost can result in an ex- pensive and embarrassing data breach. They treat company files the same as their fam- ily pictures, and don’t give their managers a vote in where the company’s data ends up.
File Sharing & Backup
File sharing services are good solutions, but aren’t all the same when it comes to securing data, tracking access and offering managementaviewofwhatishappening with the data. The business should be part of any decision if an employee wants to use it to share business info or client files. Free thumb drives given out at conferences can move data from secure networks to a very high risk of loss. Cloud services that make it easy to back up laptops, phones and tablets, may also result in corporate data moving into a location the company doesn’t know about.
Email
Data sent to free email services like Gmail, Hotmail, Yahoo!, and those that come with an Internet service can end up anywhere, and cannot be retrieved. Even deleting these may not completely erase them from the vendor’s servers and backups.
Who ever thought...?
Uneducated users and wannabe IT “ex- perts” can create real dangers. What if an employee exported the company’s confi- dential client files onto an insecure device? Could your staff make copies without your knowledge? Once in a secure document management system that met the company’s security standards, the files now can be read by anyone with a computer, there is no track-
ing of access, and no way to know how many copies are floating around. Considering the high costs of data breaches (both to reputa- tion and notification regulations), this could killthebusinessifthedatawasbreached.
What can managers do?
1. Educate yourself about the pitfalls of having client data stored on devices and locations without your permis- sion.
2. Identify reliable choices of safe solu- tions to solve your data access prob- lems.
3. Check systems for unauthorized file sharing and data backup software.
4. Implement data loss prevention software to restrict how data can be moved.
5. Establish policies to prohibit unau- thorized solutions.
6. Conduct cybersecurity training for your staff.
The more people understand the value of data and the risks of unauthorized data management solutions, the more you will be able to keep IT out of the shadows.
Dave Kinsey is the owner and president of To- tal Networks, the technology partner of many law firms throughout Arizona. For more infor- mation, email [email protected]
18 | www. BusinessProfessionalMagazine.com
By Dave Kinsey