The risks of cyberloafing on the job
Shadow IT is a result of employees using their own downloadable tools, computer programs, or software, without approval from their IT department. This security risk exploded with COVID-19 when workforces went remote. Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside their IT department’s visibility. This is a 41% increase over measurements taken in 2022 and a problem for organizations seeking to build their cyber resiliency.
When users implement the tools they deem necessary without approval from IT, they create holes in an organization’s cybersecurity. Unknown software can range from trustworthy project management or video call tools to applications packed with exploitable vulnerabilities. Shadow IT also covers any non-approved devices an employee uses that put sensitive data at risk. This may include personal computers, USB drives, or anything else that may have contained malicious software at any point.
Web content filtering tackles the issue of shadow IT, which can even include commonly used tools like Dropbox or Trello. If a tool isn't approved, it should be blocked, and employees who wish to use that tool should submit a request for proper review and audit.
