More employers are allowing workers to “BYOD”—bring your own device—into the workplace. But some downloaded apps, shared between work and personal devices, can cause trouble. Just this month, the popular Evernote app was hacked, requiring a reset of more than 50 million passwords.
The term "shadow IT" refers to the proliferation of solutions and systems downloaded by employees and used in the workplace without the knowledge or support of IT. These apps can be for work or personal use, and can be loaded on PCs, smartphones or tablets connected to corporate networks. PricewaterhouseCoopers' "Digital IQ" survey estimates that among top-performing companies, IT controls less than 50 percent of corporate technology expenditures.
Lockton’s Born recommends employers take the following steps to protect themselves against “shadow IT” threats:
- Assess the risk. If the employer deals with a lot of sensitive information, such as financial or healthcare data, management must weigh the risks and benefits of allowing employees to use personal devices for work.
- Restrict the use. Even if employees are permitted to use personal devices for work, employers can restrict the information they can put onto those devices, for example by keeping more sensitive files off them.
- Encrypt when needed. If employees are sending and receiving company email on their personal devices, employers can require that the emails be encrypted. However, policing compliance can be a challenge.
- Educate everyone. Educating employees on the risks of BYOD is one of the most important things employers can do. Make it clear that employees who receive an email or notice that apps on their personal devices may have a security vulnerability should download the patch fix, delete the app from the phone, and contact IT.