Posted on April 30, 2020 by staff

The risks posed by ‘shadow IT’ during lockdown

By now, much of our lives have become digitised and mobile, with many daily activities taking place via our phones, tablets and laptops. All of our communications can be conducted from anywhere and on the go.

Yet, when it comes to business communications, most companies (perhaps understandably) weren’t prepared for the new reality we find ourselves in. The recent lockdowns around the COVID-19 crisis have resulted in many companies pivoting quickly to remote working. The trouble is, many organisations never had a plan in place for such a drastic change.

It’s understandable that they’d want to turn to market-ready, widely available tools to collaborate instantaneously. However, there’s a real danger of businesses cobbling together a collaboration toolkit meant for consumers rather than for business. Doing so opens your business up to what’s known as ‘shadow IT’, which presents a threat to your company’s data every time a digital tool intended for consumers is used to conduct business activities.

Let’s take a look at what this looks like in practice.

Video conferencing tools and messengers such as Telegram, Signal or WhatsApp have become the go-to form of personal communication, meaning that people end up using them casually to do business because it seems like the simple, seamless and innocent thing to do.

People want to be able to connect as quickly and efficiently as possible. Quick message to a colleague? Why not send it via the same messenger you use to message your friends (many of whom are colleagues anyway)? That’s the thinking behind why people use services intended for consumers in the business space.

The trouble is, consumer-grade messengers, while handy, simply aren’t fit for business use. There are some real-world security consequences in using them for business, which are as follows.

Lack of control

There is no control over who has access to the information relayed across consumer-grade messengers. You don’t know who is ultimately reading your messages and who is accessing and sharing the information contained therein.

Lack of privacy

Data you share on these messengers may be shared with third parties, such as Facebook, which owns both Messenger and WhatsApp. This means that any trade secrets, business plans, financial numbers, or other proprietary business data shared are now on the radar of third parties.

Lack of compliance

These messengers mine your phone’s contacts, sending the entire address book to their servers. This means that they are non-compliant with business privacy regulations such as GDPR. Not only is this inappropriate with respect to your contacts, but it can also have massive financial consequences for your business in the form of regulatory fines.

Most people would never dream of sharing the company’s valuable data publicly on Instagram or Facebook, so why do they continue to use consumer messaging applications to communicate in business? The best practice here is to move towards business-grade tools that were built with security in mind at the outset.

In the meantime, there are steps companies can take to shore up security. Basic psychology tells us that it’s human nature to want to take the path of least resistance. So, if businesses want their employees to stop using unsecured consumer-grade communication tools, they must deliver enterprise-grade solutions that mimic the ease of use of consumer platforms.

Secure enterprise messaging apps that work well for the business, but also provide a sense of freedom and convenience, will keep conversations and their details secure while the individuals remain in control. This creates the right balance between security and ease of use.

As we look at the new decade and how the ways in which people work are changing, we need to look at security in the context of the business as a whole. When the choice is between investing in secure collaboration tools or risking the whole of your company’s proprietary data by not doing so, this really should be a no-brainer.