What You Need to Know About Web App Security
There’s an app for that! Even for business purposes, you can bet this is the case. Yet a small business may be using online applications without understanding the risks. Here’s help. [Read more…]
by Tony Whitney
An old-time radio show used to start with the promise “The Shadow knows!” Yet when it comes to shadow IT, the problem is the exact opposite. Shadow IT is the stuff employees download onto a business system that IT doesn’t know about, and it can be a big problem.
You may have an IT policy telling employees not to download unsanctioned applications, but they want to boost their productivity, or perhaps they prefer to work with an app they already know and love. So, they get a tool or service that meets their needs without telling IT.
The employee may have the best of intentions. They want to work better for your business. They don’t see the harm in adding that convenient app to their computer. Or they don’t think it’s a big deal to use their own device to complete their work (even if unsanctioned). Maybe they want to be efficient, so they use a personal email account to conduct your business.
Each of these examples is part of Shadow IT, and it’s running rampant. In Frost & Sullivan research, 80% of employees admitted they had used non-approved software. Even 83% of IT workers were using non-vetted Software as a Service (SaaS) applications. So, what’s the big deal? We’ll cover that next.
First, if your business is in a regulated industry, Shadow IT could put you at risk of noncompliance. That unsanctioned device may not be encrypted. Sharing business data over a personal email would be a big no-no in a healthcare or banking space. Shadow IT certainly undermines audit accountability.
It can also drive up IT costs. Say accounting doesn’t know that the business has already paid to use certain software. So, they pay for it again out of their own budget.
If IT is unaware of the Shadow applications or devices, they can’t manage the vulnerabilities. The business doesn’t know customer data or personal identification information about employees is at risk.
And there is a greater threat of a data breach or ransomware attack. Employees downloading a third-party app could inadvertently give a hacker access to your network.
Additionally, the business risks losing productivity. The work someone does on a shadow app, for example, could be lost to the company if that employee moves on. IT wouldn’t have access to that account to retrieve the information or files. They don’t even know it is out there on that unknown app or device.
Because this IT lingers in the shadows, it can be challenging to corral. Still, there are several steps you can take.
Create and communicate acceptable use guidelines, and make sure your workers know what your policies are regarding:
Establish clear information classifications distinguishing between public, private, and confidential data. This can help employees recognize they are putting important data at risk when they disregard use policies.
IT needs to get to know what technology is in use at the business (both on- and off-site). This is more challenging now with people working from home due to COVID-19. Still, a survey of employees and their devices can help gather information about unknowns.
Don’t overreact. You don’t want to necessarily ban all Shadow IT that you discover. Some of the services could have value. Vet the applications or devices found or reported. Review their connection to private or confidential data or essential network systems. If several employees use an unsanctioned app, you may want to invest in it. With a professional version, your IT team can safely manage the app.
Why are people circumventing your IT policies? Are they under pressure? Are they looking to meet an unmet need? Are they more comfortable with a familiar app or device? It’s important to understand what the employee is aiming to accomplish or why they’ve turned to shadow IT. This can help you identify IT needs and areas where you need to improve.
Shadow IT is data or applications that are outside your business protection. IT can only watch what it knows about. Shadow IT is unsafe and unpredictable. Book an appointment to have the professionals at Y-Not Tech Services help you shine a light on Shadow IT.
by Tony Whitney
Why would someone want to target your Instagram account? You share what you ate, maybe the books you read, the shoes you bought, or that really cool image of the sky above. How is that going to help a hacker? Read on to learn more. [Read more…]
by Tony Whitney
The popular social media channel Facebook is an obvious target for cybercriminals. In April 2021, the company announced a leak of 533 million Facebook records. It’s one of the largest known data leaks, and you could be affected. Here’s what you need to know.
Facebook has confirmed that hackers posted information including: [Read more…]
by Tony Whitney
Data breaches are now daily occurrences and can happen to any business. The April 2021 leak of 533 million Facebook records was one of the largest known data leaks, but even if you weren’t affected by that one, you may still be at risk. [Read more…]
by Tony Whitney
Proprietary information makes your business special, whether you’re a tech startup with a smart algorithm or a food manufacturer with a secret sauce. Regardless of industry, a business gains a competitive advantage from distinct practices or unique data. The last thing you want is someone with ill intent getting their hands on your differentiators. Here’s how to protect your proprietary information. [Read more…]
by Tony Whitney
All good things must come to an end – it’s inevitable with computer software. If you’re using Adobe Flash, the day has arrived. It’s time to uninstall Adobe Flash Player.
Adobe stopped supporting Flash Player on December 31, 2020. What does this mean? [Read more…]
by Tony Whitney
Cybersecurity attacks on big-name brands or governments are familiar headlines these days. Millions of access credentials are breached, and millions of dollars are lost to a ransomware attack. You may think you’re protected, but a single undetected misconfiguration could mean trouble. [Read more…]
by Tony Whitney
News of a big brand suffering a data breach is all too common today. But if you don’t get an email from such a company, you could mistakenly be thinking it doesn’t affect you. [Read more…]
by Tony Whitney
Most of us can differentiate between hardware and software. But how many know what firmware refers to? More importantly, is your business securing its firmware against security vulnerabilities? [Read more…]