The IT vulnerability of companies has increased as they move to remote working.
When people are working from home, anything can happen, from sharing inappropriate information to hacking bank accounts. Anyone working from home with their own computer equipment can become the Achilles heel of an entire corporation. The term Shadow IT has now been coined to refer to those systems adopted by employees that don’t have the approval of the company’s IT department.
According to Gartner, a technology research and consulting company, a third of all cybersecurity attacks in 2020 have happened due to improper use of Shadow IT.
This category includes Facebook, Instagram, photo editing apps, and many other tools that can turn into Trojan horses in terms of institutional security.
“It includes cloud services, which are increasingly used by companies and institutions,” explains Alejandro Parra Briones, professor of Computing at the School of Engineering and Sciences at the Monterrey campus of Tecnológico de Monterrey, in an interview for Tec Review.
According to the academic, you can fall prey to vulnerabilities in the cloud, so hackers often take advantage of this.
However, Shadow IT isn’t necessarily harmful. It’s like when students do their homework, but instead of consulting the sources recommended by the teacher, they turn to other sources such as Wikipedia or YouTube.
“This doesn’t mean that the homework’s going to be wrong. But you can’t determine whether the information is reliable, nor can you know whether commercials will appear in a video, taking attention away from the student’s academic objective,” says Parra Briones.
Vidal González, one of the two founders of Cerby, agrees with Parra, and qualifies this as follows in an interview for Tec Review:
“The idea would have to be to protect people’s freedom to choose which applications to use. Shadow IT is a transitional phenomenon that in the future will simply be the way to always get the job done.”
Cerby is a digital security company that addresses the Shadow IT cybersecurity problem, by enabling end users to securely sign up and use the applications of their choice.
When this startup emerged, it was April. Many companies had already begun sending staff to work from home, so the concept of protecting people’s online identity became critical.
This is extremely important when you consider that, according to data from Statista, 72% of people have worked from home at some point since April. This could be extended because according to a recent survey carried out by the firm PwC, 97% of workers prefer remote work to in-person work in an office.
If social media has taught us anything, it’s that humans love to share information. In this sense, Belsasar Lepe, the other founder of Cerby, believes that when it comes to sharing confidential data and identities in a business context, it’s rarely done safely.
“That is why we founded Cerby, because security tools don’t respond to current data protection needs,” says Lepe.
Vidal has seen employees who couldn’t take the company’s equipment home and have had to use personal gadgets in order to do their work.
“This caused important information to be passed on through WhatsApp, a means that’s not made for transferring confidential information,” says González.
As in the previous case, there are many other IT risks related to Shadow IT that are increasingly common in these home office environments that, since the pandemic, have come to stay.