There’s a growing trend creeping into organizations of all industries and sizes: Shadow IT. Shadow IT are unauthorized cloud applications employees are using and downloading to perform work-related activities with company data. This can be file-sharing services like Dropbox or surveys such as Zoomerang. The list goes on and on.
So what’s the problem? For starters, if you’re in a highly regulated industry like medical or financial services, you’re almost guaranteed to be flagrantly violating data privacy laws or at least flirting with them; and if you’re audited, you could end up facing BIG fines, not to mention legal fees and bad PR. Second, the barrier to entry is LOW. Anyone with a browser and a credit card can purchase or enroll themselves into applications that integrate with your organization’s critical applications and/or store company data such as client lists, e-mails, files, etc.
Of course, not all cloud apps are bad, but you as the owner and your IT person or company need to at least be AWARE of these applications to determine if they’re a threat to security or a violation of data privacy laws, and simply to keep your confidential information, well, confidential!
For starters, your IT company or person should be constantly monitoring your network for new and unknown software or devices. This can (and should!) be incorporated into routine vulnerability testing. If you’re not sure this is being done now, find out. As Intel founder Andy Grove once said, “Only the paranoid survive.” Once you know what applications are being used, you can set your company firewall to block applications you DON’T want employees to access with company data and devices, and allow those that are company-approved.
Also, make sure you catalogue these sites somewhere by user with the login information for that person. If an employee leaves your organization or is fired, they may remember what the username and password are to these cloud applications and could use them to harm your organization or steal data to sell or give to a competitor. Don’t put yourself at risk!
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.
The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.
We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”