CYBER SECURITY

UK businesses must tackle the dangers posed by ‘shadow IT’ as coronavirus restrictions are lifted and offices begin to reopen their doors again.

Remote working has led to a heavy reliance on productivity software and other forms of collaboration tools to keep businesses running amid COVID-19. However, organizations have also lost oversight on the apps and services being used by employee to conduct business, raising a variety of fresh cyber security concerns for IT teams.

Research commissioned by Citrix and carried out by OnePoll has highlighted the extent of this problem. In to a survey of 7,500 office workers in Germany, the US, UK, Australia, Canada, France and the Netherlands, 43% of UK  admitted to using software and tools on their work computers that had not been approved by their IT department – or had been explicitly prohibited.

Of those using “shadow” systems – that is, technology and software not approved or managed by their organisation’s IT team – the most common example was unauthorised video conferencing applications, in which nearly half (48%) of employees admitted to using, followed by instant messaging software at 45%.

To avoid
shadow IT

and to make businesses more secure in a future with more office workers working from home, IT teams will need adopt a more “digitally-forward culture” that is more flexible, adaptable and able to anticipate employees’ remote working needs, Citrix said.

SEE: Shadow IT policy (TechRepublic Premium)

Darren Fields, VP of Networking EMEA at Citrix, told TechRepublic: “The rapid shift to working from home has created the conditions for shadow IT to become an increasingly important issue. Whilst it is understandable that employees needed to adapt quickly to new pressures and concerns, given the global pandemic, it is important that businesses tighten up on these procedures going forward in order to safeguard their organisation from external threats.”

Citrix isn’t the only organization to have spotted this trend: 
a recent study from Trend Micro

 also found people showing a lax attitude to following their company’s IT security policies, with 56% of respondents admitted to using a non-work application on a work device and a third of respondents saying they did not give much thought to whether the apps they use are approved by IT or not.

Earlier research also commissioned by Citrix found that seven in 10 respondents were concerned about information security as a result of employees using shadow IT or unsanctioned software, with three in five seeing shadow IT as a significant risk to their organisation’s data compliance. However, the same proportion also thought the use of informal software and applications by employees was generating more innovative approaches to teamwork and collaboration.

SEE: Working remotely: A professional’s guide to the essential tools (free PDF) (TechRepublic) 

Fields said employers needed to plan for the fact that remote working would become more commonplace in future and “get a better handle of the situation” to ensure “bad habits don’t become commonplace.”

Overall, employees appeared optimistic that companies would meet their expectations for the new normal: nearly two thirds of those polled (65%) believed employees would show a better understanding of the “human factor” in the workplace, while 47% percent agreed that the coronavirus crisis experience would “help soften established corporate hierarchies.”

“Technology equipment aside, employers should also keep an eye on their employees’ well-being in the new world of work,” said Fields.

“In this new, sometimes unusual situation, some people have a hard time drawing a clear line between their business and private lives. This is completely understandable, especially when both occur within the same room, or even at the same table.”