Every October the industry puts together information to share how people and businesses can be safer online. For this blog, we’re focusing on shadow IT – the hardware or software that employees use that isn’t managed by the company’s IT team – and how using a password manager can help.
As employees found new ways to work and collaborate amidst the adjustment to hybrid work during the pandemic, the use of shadow IT rose dramatically.
In 2021, over 60% of US workers created at least one shadow IT account. – 1Password research
Shadow IT can improve employee productivity, but also carries along with it the risk of employees unwittingly introducing security vulnerabilities like unsecured sensitive data. While many employees have started moving back to physical offices at least part of the time, shadow IT is here to stay.
Security and IT teams might be tempted to crack down with a zero tolerance policy for shadow IT. Few will follow through, though, because their primary job is to help their business be as efficient as possible as securely as possible.
Why employees choose to use shadow IT
Employees often use apps and devices that are not provided or managed by their company because these apps are convenient and improve productivity. It’s not that employees are actively trying to circumvent the organization’s IT rules, it’s often a byproduct of employees choosing apps and devices that will help streamline their workflow.
How to embrace shadow IT safely in your business
Instead of trying to limit shadow IT, it’s important to focus on how you can empower your employees to make smart security decisions while putting processes in place that help you manage the use of shadow IT. Here are a few things you can do to help keep your business safe:
- Educate your people about cybersecurity. It’s important to keep your team informed about online security best practices, including educating them about common attacks like phishing, the importance of good password health, and how to identify safe apps to use when completing work.
- Create a simple shadow IT policy. Make an easy-to-follow policy and share it with your team. The policy should include things like a guide to submitting requests for new tools, what information can and cannot be used in shadow IT apps, and even a ‘shared’ shadow IT part of an exit interview for departing employees.
- Ask your team to share what tools they use. Create an easy process for people to notify IT about the different apps and programs they’re using to complete their work. This lets your IT team review what tools are being used, and, if necessary, recommend safer alternatives.
- Use a password manager. Encourage your team to create and use strong passwords for all their accounts – including shadow IT. Implementing a password manager like 1Password gives your people a safe way to store and share passwords and other sensitive information. By allowing your team to keep any shadow IT accounts stored in the company password manager, you can ensure that when an employee is offboarded, they’ll lose access to all company logins, including access to whatever shadow IT login information they had stored.
- Act on your team’s password health. With 1Password Insights you can view any data breach affecting company email addresses – for both IT approved, and non-IT approved apps.
Cybersecurity Awareness Month at 1Password
Curious about shadow IT and want to know more about what you can do to protect your business and also help your employees put their best foot forward? We’ve got upcoming programming that can help.
First, check out the How Datadog strengthened and streamlined its security workflows with 1Password webinar and join Datadog’s Ryan Whitesides and 1Password’s David Hogg in this live talk to discover:
- Why Datadog chose to implement a password manager.
- The security risks that Datadog was looking to address with 1Password.
- How Datadog successfully deployed 1Password across its entire organization.
- How different departments utilize 1Password to streamline their security workflows.
Register for the webinar on Tuesday October 24 at 10AM PT / 1PM ET.
Next, watch the How to turn shadow IT from a security risk into your team’s superpower webinar and join Sarah Armstrong-Smith, Chief Security Advisor at Microsoft, in a live talk to learn more about shadow IT, including:
- How shadow IT exposes your business to external and internal threats.
- The potential risks for businesses that don’t create policies around app downloads.
- How employees downloading non-IT approved software can create security gaps.
- How to mitigate shadow IT risks before they become a problem.
Register for the webinar on Thursday October 26 at 9AM PT / 12PM ET.
Make every month about cybersecurity awareness
Being cybersecurity smart is more than just tuning in for one month of the year – it’s an ongoing education as threats and solutions evolve and change. As a cybersecurity professional, you can take a human-centered approach to security to protect both employees and the business.