Shadow IT and Remote Work: How to Take Back Control from Unauthorized Tech

May 10, 2023 | Terms & Jargon

Explore the Fearless Paranoia Podcast episode on Shadow IT, discussing risks of unauthorized devices in remote work & strategies to mitigate them.

Episode Transcript

In this episode of the Fearless Paranoia Podcast, we are discussing “Shadow IT.” Shadow IT is a really cool-sounding term for the use of unauthorized devices, software, or applications in a company’s network.

The pandemic, and all the remote work that went along with it, has led to a rise in Shadow IT. As employees are working remotely, many have added their own personal devices to company networks. While the introduction of these unauthorized devices may have been well-intentioned, it creates an increased attack surface and brings additional risks to the company.

Once you accept that the first step in maintaining an effective IT environment is having visibility of what’s on the network, it becomes easier to see why Shadow IT is particularly dangerous. Most Shadow IT devices are not monitored, do not have security software tools, and are not managed by the IT department.

According to one recent study, nearly half of IT decision-makers have purchased equipment, such as laptops or printers, to work from home during the pandemic. While these purchases are often made with work-related intentions, the devices are not managed by the company’s IT department and are therefore not compliant with company policies. The hosts encourage employees to reach out to the IT department to enroll their devices in the necessary systems to ensure proper security and compliance.

The hosts also highlight the importance of managing devices such as printers, which often have vulnerabilities and connectivity requirements that need to be regularly maintained. Without centralized printing, there is a risk of data loss or potential DLP (data loss prevention) issues.

There are a few things that can be done to help mitigate the risk of Shadow IT.

First, it’s important to establish clear policies and guidelines around the use of personal devices and software within the workplace. This should include a clear explanation of what is considered acceptable use and what is not, as well as the potential consequences of violating these policies.

Second, it’s crucial to provide employees with the tools and resources they need to do their jobs effectively and efficiently. If employees feel that they don’t have the technology or software they need to do their work properly, they may be more likely to turn to Shadow IT solutions.

Third, it’s important to prioritize security and make it a key consideration in all technology purchasing decisions. This means involving IT and security teams in the decision-making process and ensuring that all new devices and software are properly vetted and secured before they are introduced to the network.

Fourth, it’s important to educate employees on the risks associated with Shadow IT and why it’s important to follow company policies and procedures. This can be done through training sessions, awareness campaigns, or other educational initiatives.

Finally, it’s important to have a proactive approach to monitoring the network and identifying any potential Shadow IT issues before they become major security risks. This may involve implementing security controls such as firewalls, intrusion detection systems, and endpoint protection software, as well as monitoring network traffic and activity for any signs of unauthorized devices or software.
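
As an added illustration of the monitoring step above (not from the podcast or its hosts), this Python example diffs DHCP leases against a managed-device inventory to list devices IT does not manage. The lease lines (dnsmasq lease-file layout), the inventory CSV columns, and all function names are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample: managed-asset inventory export (hypothetical columns).
INVENTORY_CSV = """asset_tag,mac,owner
LT-0142,3C-52-82-1A-9F-07,j.doe
PR-0007,00:1b:a9:44:c2:10,facilities
"""

# Constructed sample in dnsmasq lease layout: expiry mac ip hostname client-id
LEASES = """1683712800 3c:52:82:1a:9f:07 10.0.20.14 lt-0142 01:3c:52:82:1a:9f:07
1683712911 00:1b:a9:44:c2:10 10.0.20.30 pr-0007 *
1683713005 a4:83:e7:5d:01:bc 10.0.20.51 home-printer *
1683713240 da:a1:19:7e:33:4f 10.0.20.77 * 01:da:a1:19:7e:33:4f
"""

def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw)
    return digits.lower() if len(digits) == 12 else None

def is_locally_administered(mac):
    """True when the U/L bit is set, typical of randomized (private) MACs."""
    return bool(int(mac[:2], 16) & 0x02)

def load_managed(csv_text):
    """Build the set of normalized MACs that IT has enrolled."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {m for m in (normalize_mac(r["mac"]) for r in rows) if m}

def find_unmanaged(lease_text, managed):
    """List leased devices whose MAC is absent from the inventory."""
    findings = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated lease lines
        mac = normalize_mac(fields[1])
        if mac is None or mac in managed:
            continue
        findings.append({
            "mac": mac, "ip": fields[2], "hostname": fields[3],
            # Randomized MACs cannot be matched to a vendor or a fixed asset.
            "randomized_mac": is_locally_administered(mac),
        })
    return findings

if __name__ == "__main__":
    for finding in find_unmanaged(LEASES, load_managed(INVENTORY_CSV)):
        print(finding)
```

Devices flagged with a randomized MAC need follow-up by IP or switch port, since the address may change on the next connection.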

Overall, addressing the issue of Shadow IT requires a multifaceted approach that involves clear policies and guidelines, effective technology solutions, employee education, and proactive security monitoring. By taking these steps, businesses can reduce the risk of Shadow IT and protect their networks from potential security threats.

There will always be those who are resistant to change or collaboration. However, it’s important for organizations to create a culture of security and to make sure that security is a top priority throughout the company. This can involve implementing training and awareness programs to educate employees on the importance of security and how they can play a role in protecting the organization. It can also involve regularly reviewing and updating policies and procedures to ensure they are effective and relevant. By taking a proactive approach to security and involving employees in the process, organizations can help reduce the risks associated with shadow IT and other security threats.

We’re here to help make the complex language of cybersecurity understandable. So if there are topics or issues that you’d like Ryan and me to break down in an episode, send us an email at or reach out to us on Facebook or LinkedIn. For more information about today’s episode, be sure to check out Fearless where you’ll find a full transcript as well as links to helpful resources and any research and reports discussed during this episode. While you’re there, check out our other posts and podcasts as well as additional helpful resources for learning about cybersecurity.
