Shadow IT: How employees can become the greatest threat to business data
Jun 21, 2016
Data breaches and attacks carried out by hackers over digital platforms have become frequent headlines recently, but businesses forget that these aren't the only threats to their data. Employees are major contributors to compromised files, from accidentally downloading malware that reads and copies information to purposely using unauthorized sharing programs for the sake of convenience. The latter practice, which has been called shadow IT, is rampant in the mobile age of company operations, and it can be difficult to control. However, organizations must take the proper steps to ensure that employees are following security protocols.
Lack of enforcement
The role of mobile devices in enterprises is still evolving, and this has created a lot of confusion about which tools to implement to protect this hardware. According to a 2016 Bitglass study, although over half of organizations acknowledge that unauthorized access is the biggest threat to their data security, only 42 percent have regulations regarding file sharing applications. This leaves a lot of room for employees to use whatever consumer-grade solution they want if the company-provided option doesn't fit their needs. Using such tools removes oversight of sensitive documents and can leave files out in the open.
Regulated data in danger
Most industries deal with some form of regulated information. If you take credit or debit cards, for instance, you have crucial financial data that must be stored securely. However, many employees may not know that the unauthorized sharing services they've decided to use don't have the protection capabilities necessary to meet compliance requirements. According to a 2015 survey by Elastica, the average employee shared over 2,000 files via the cloud, and 20 percent of these documents contained some type of regulated data. This personally identifiable information sent out into cyberspace not only puts the client in danger, but can also inflict significant damage on the business.
"Understanding what regulated and sensitive data exists on your network and where it lives is a first step," Digital Guardian contributor Paul Roberts wrote. "But data isn't static, so companies need to establish a way to monitor that sensitive data over time, noting how it is used, who is using it, and under what circumstances."
Educate employees on processes
All of this points to the need for better education, enforcement and tools. After all, if workers have programs that are convenient, functional and secure, they are unlikely to turn to shadow IT. Elastica's report found that 80 percent of sharing incidents were accidental, and only 5 percent of users were the cause of a risk exposure. With better training, employees will better understand the importance of business data as well as the best practices for sharing this information. Providing ongoing education will be crucial to eliminating the insider threat and closing off shadow IT practices once and for all.
It's true that cyberattacks on business data are becoming more common, but organizations must also keep an eye focused inward. Employees are one of the leading causes of data compromise, and it will be essential to incorporate the right tools and enforce policies to ensure better sharing practices.