Remote workers result in weaker security – the dangers of shadow IT

Remote workers in your business result in weaker security. You might think this is a sweeping statement, but in the recent study The dangers of hidden IT behavior: What we do in the Shadows by NinjaRMM there is overwhelming evidence that in most cases, the presence of remote workers poses a security risk due to ‘shadow IT’. 

Revealing study of the increase in ‘shadow IT’ 

The study surveyed 400 remote workers to ask a serious of questions about how they understand their organisations’ IT, and their own devices and digital tools they use, unauthorised, to do their job. 

The unauthorised of digital tools and devices is called ‘shadow IT’ and a surprising amount are used by remote workers to carry out their everyday work tasks.  

Most alarming in the report is that workers who use their own devices and tools do not necessarily see themselves as being at fault but are just trying to do their job. 

The pandemic didn’t help 

Since the rise in remote working, due to the pandemic, the amount of ‘unauthorised’ using of IT equipment and tools has rocketed and continues to do so, i.e. the devices and tools operating outside of an organisation’s security procedures and processes. 

Rise in unapproved software and devices 

Of those surveyed, 35% said the number of their own devices they now use for work has increased. And 39% said the amount of their own cloud services and software they use has increased. 

Remote working a ‘gift’ to threat actors 

Of respondents who reported using unapproved devices and software for work: the majority were smartphones (56%), and the unapproved software was, in the majority, audio and video software (45%). 

The potential security risk via this use of unmanaged applications and devices is a major concern for organisations. Employees are often not maliciously flouting the rules, but, using their own tools and devices, they cannot be relied upon to install the necessary updates and patches that IT security policies would enforce. Despite 32% of employees reporting they know using own tools and devices poses ‘a serious risk’ security” they still use them. 

Organisations are therefore highly vulnerable to these ‘backdoors’ into their security. 

“It is extremely concerning to see that a large number of people feel they need to go around their organization’s security policies,” said NinjaRMM Chief Security Officer Lewis Huynh. 

Why remote workers use ‘shadow IT’ 

The report found 75% of respondents said their employers’ security policy covered the use of unapproved software, cloud services and hardware. However, 42% also said they ‘need to go around the security policies’ to do their job.  

And 26% of respondents said they would ‘go around’ their employer’s security policies also if it was more convenient for them to use their personal accounts. 

Organisations risk lack of insight, security and productivity  

Clearly there is a disconnect between employees, IT and leadership teams, resulting in a serious lack of management of employees’ working practices when it comes to security.  

Organisations are also lacking the important insight into working practices that could lead them to streamline their processes for better employee experience and job satisfaction – thereby reducing the employee need for shadow IT. 

“18% of remote employees have gaming software installed on their work devices” 

The report points to a ‘lack of management’ and ‘permissive attitude’ when it comes to managing IT security and employee practices, which points to even wider concerns beyond security risks alone.  

Advice for addressing prevalence of shadow IT 

There are several important recommendations in the report for organisations ready to address the use of shadow IT by their employees.  

• Conduct frequent audits of employees to identify insufficiency of security policies 
• Revise policies to reduce friction between employees and the IT they use – in other words – make working practices and processes better 
• Carry out regular training on the top threats  
• Improve communication between workers and IT 
• Communicate IT issues to leadership 

Building a security culture 

In the report, as at Cultrix, it’s believed an active security culture is the most important element for an organisation ensuring a successful rollout and adoption of security policy and procedures.  

The more employees can be engaged to be ‘security aware’ and, at the same time, have their feedback about poor working processes listened to, the less they’ll need to resort to shadow IT.  

Improving security of remote workers 

Are you concerned about the use of shadow IT by remote workers? 

Are you concerned about the lack of security in your remote working practices? 

Our security experts at Cultrix manage remote worker IT, devices used and digital tools for organisations, including work mobiles, to ensure they operate more securely.  

Get in touch to find out more.  

< Read more articles on our IT Academy