Nearly two in three employees are putting you at risk of a costly security breach, due to the phenomenon known as shadow IT.
New numbers from 1Password will open many eyes.
When employees with computers and an IT department were asked “Have you in the past year signed up for a work-related website or app without your IT department’s approval?” here’s what they admitted:
- 32% had created one account
- 51% had created between two and five accounts, while
- 15% had created more than five accounts.
Each one of those accounts poses a security risk.
But often firms don’t even realize they’ve been breached, because they don’t know employees have the technology in the first place!
Which means not only can’t they take steps to protect their own sensitive data, but their customers’ info could be compromised as well.
And like just about everything else these days, the COVID-19 pandemic has made this worse.
Their intentions are good
So what are folks downloading? It can be anything from project management software to plug-ins that correct grammar mistakes.
All well-intentioned work “upgrades.” But even one has the potential to expose company info.
And with workforces so dispersed during the coronavirus pandemic, employees are less likely to reach out to IT to ask for permission. Plus, many are scrambling to do their jobs in new ways, which means they’re more willing to jump on anything that can help.
Weak passwords opening the door
Another even more troubling finding in the 1Password survey significantly increases the odds that rogue technology will come back to bite you.
That “worst practice”? Password management. Or rather, password mismanagement.
Just 2% of folks surveyed create a unique password every time they tap a new app or software. A third re-use a memorable password and another 48% rely on a similar pattern of passwords, which can easily be discovered.
So not only are employees leaning on technology not vetted by your IT team – they’re leaving the door wide open for criminals to enter through ’em.
Stamping out shadow IT
But don’t be too quick to ban shadow IT outright.
That can backfire – productivity and morale may take a hit if people feel they have no autonomy in how they tap technology to do their jobs.
But your company definitely needs a shadow IT policy in place. Spell out a clear procedure to have apps and software approved by IT. (And set a reasonable expectation for how long an answer will take.)
You also might survey employees on the types of add-ons they’re looking for most often. Then IT can vet them and push out two or three approved choices.
Employees still have control over their preferences, and IT knows your company isn’t being put at risk.