Cyber threats at home? Remote workers may be using 'rogue' apps

HR and IT leaders should be wary of an emerging 'shadow IT'

Cyber threats at home? Remote workers may be using 'rogue' apps

Maintaining cybersecurity is already a challenge for companies that run a traditional office – but even more so for businesses that have abruptly shifted to telecommuting because of the pandemic.

Fending off outsider attacks and monitoring insider threats become even trickier with a distributed workforce.

“Outside of overall security – when employees are working remotely – leadership teams are wary of the use of shadow IT,” says Igloo Software’s Sean Duffy.

READ MORE: Coronavirus: 3 elements of remote work communication

This happens when remote workers start using tools and applications that weren’t sanctioned by the company’s IT department. Not only does it create “significant inefficiencies” when teams don’t collaborate on a unified platform – it also poses a security risk for companies “if sensitive or private information is shared and then becomes compromised,” Duffy tells HRD.

“To prevent the use of these ‘rogue’ applications, employers should consider conducting a thorough audit of all the tools used by their employees,” he says.

HR leaders can work with IT in selecting a secure and reliable platform. But they should also consider employee feedback on all the productivity apps remote workers find easy to access and navigate.

“This will not only help leadership to better understand how their workforce prefers to collaborate, but also provide visibility into any vulnerabilities,” Duffy adds.

READ MORE: Navigating COVID-19 in Canada

A dedicated ‘incident planning hub’
Another step to mitigating the existence of shadow IT is to “integrate all sanctioned collaboration tools into one single, centralized location to ensure organizational governance,” he says.

“This way, leadership teams can make certain that employees are always accessing the most up-to-date and secure software solutions.”

Having what he calls a “communication and incident planning zone,” for instance, gives businesses a single place to relay policies and procedures and “broadcast up-to-the-minute messages” to the entire organization. It also serves as a secure channel for leaders to communicate and collaborate and an “incident planning hub” for the company’s response team.

“It is so easy for employees to turn to non-IT-sanctioned tools within the workplace,” Duffy warns. “Companies should treat the use of unsanctioned apps seriously, regardless of their purpose in the workplace.”

“Unsanctioned apps, software and all other ‘shadow IT,’” he says, “can create rifts among teams and generally slow down productivity.”