Tag Archives: IT

Business Technology Trends In 2018 To Help You Run Your Company More Efficiently

07 Feb 18
lverbik
, , , , , , , ,
No Comments

 

Telecommuting is the industry standard. Today, remote working is more prevalent than ever, thanks to modern software and technology. Take advantage of this shift to reduce overhead and improve employee happiness.

Cloud services continue to dominate. Ninety-two percent of modern businesses are using one or more cloud-based programs, a number that only continues to climb. The productivity and ease-of-access fixes that the cloud offers are simply too powerful to ignore. Live video improves business-customer relations. With live chat utterly pervasive, we’ll see a shift to live video chat to further improve the customer experience. Face-to face interactions, even through the Internet, provide a level of connection impossible in years past.

HomeBusinessMag.com 9/5/2017

If You Think Your Business Is Too Small To Be Hacked…Then You’re Probably A Cybercriminal’s No. 1 Target!

23 Jan 18
lverbik
, , , , , , , , , ,
No Comments

In a world of rampant cybercrime, hackers thrive on the blind faith of their targets. Despite high-profile digital security breaches showing up in the news nearly every week, most people assume they’re safe from attack.

The thinking goes that while Fortune 500 corporations like J.P. Morgan, Sony, Tesco Bank, and Target have lost millions of dollars of data breaches in recent years, my business is far too small to justify a hacker’s attention…right?

Wrong. In fact, it’s quite the opposite. According to StaySafeOnline.org, attacks on small businesses now account for over 70% of data breaches, a number that appears to be on the rise. Close to half of small businesses have been compromised, ransomware attacks alone have skyrocketed a whopping 250% since 2016, and incidents of phishing have followed suit, as reported by Media Planet.

Owners of small businesses might be excused for erroneously believing themselves safe. After all, the hundreds of little guys paying out thousands of dollars in digital ransoms each and every day are a lot less newsworthy than, say, the CIA’s recent hacking by the mysterious Shadow Brokers, or the 143 million sensitive customer records stolen in the recent Equifax fiasco. The lack of visibility of the more frequent, smaller-profile incidents plaguing the country can easily lull us into a dangerous false sense of security.

But why would a team of hackers zero in on a small-town operation when they could be targeting a giant like Google? Well, which building is a petty thief more likely to target — the bank in the center of a busy downtown, packed with security guards and high-tech theft prevention equipment, or the house in an affluent part of the city, which the owners always keep unlocked while they’re on vacation? Make no mistake — these hacker gangs aren’t boosting a couple flat screens and a box of jewelry. They’re gutting small businesses with ransoms that stretch to the very edge of their means, as much as $256,000 for a single attack, according to one TechRepublic analysis.

Of course, any small business owner will struggle to afford the security measures implemented by giant corporations. However, there is a balance to be struck between affordability and vulnerability. With just a little research, it’s actually quite easy to find an array of robust and comprehensive digital security solutions to protect your company. Such programs can turn your business from low-hanging fruit into an impenetrable fortress.

Even if you’ve somehow managed to make it through the past few years without a data breach, statistically, you can be confident that hackers will come for your business one day. With that in mind, it’s important to be prepared. Just because you haven’t had a life-threatening illness in the past two years doesn’t mean you shouldn’t have a wide reaching health insurance policy. Just because your car hasn’t broken down since you bought it doesn’t mean you shouldn’t regularly change the oil and invest in car insurance. And just like your car, your network security requires regular maintenance and upkeep to stay effective. If you grab your security software from the bargain bin, install it and forget it, you’re only marginally safer than you were before installing the barrier in the first place. Cyber security isn’t something you purchase to check off a box and give yourself an imaginary peace of mind. Instead, it’s an investment in your company’s future, the safety of your customers, and the longevity of your livelihood.

If your business isn’t too small to attract the attacks of hackers — and we guarantee it isn’t — then it’s certainly precious enough to protect. Cybercriminals will come for your business one day, but equipped with a set of up-to-date, powerful security protocols, you can rest easy knowing they’ll go away empty handed.

 

4 Sneaky Ways Cybercriminals Used Phishing In 2017

10 Jan 18
lverbik
, , , , , , , , , , ,
No Comments

Cybercriminals were more active in 2017 than ever before, with a staggering array of high-profile hacking incidents in the news each month. Here are four of the ways hackers used phishing to penetrate some of the most secure networks in the country last year.

Shipping Info Scam: Last July, an Internet security company called Comodo outlined a phishing strategy that was zeroing in on small businesses. Hackers sent phishing e-mails out to more than 3,000 businesses with the subject line “Shipping information.” When the recipient clicked the tracking link in the body of the e-mail, it downloaded malware to their PCs.

WannaCry: This widespread ransomware exploited a weak point in the Windows operating system to infiltrate networks across the country. Once it was in, the malware locked users out of their files and demanded a hefty ransom to retrieve their data.

The Shadow Brokers: Last April, the ominously named Shadow Brokers released a huge number of classified tools used by the NSA, including Windows exploits, which hackers then used to infect businesses throughout the world.

Google Docs Phishing: In May, hackers sent out false Google Docs editing requests to over 3 million individuals. You know how the story goes — when recipients clicked the link, phishers gained access to their entire Gmail account.

 

SmallBizTrends.com 08/29/2017

Why Hiring The Cheapest Computer Support Company Will Actually Cost You More

13 Dec 17
lverbik
, , , , , , ,
No Comments

As anybody working in IT will tell you, the most common question we get isn’t, “Why is my computer running so slowly?” or “Why is my Internet not working?” It’s, “What do you charge for your services?” With so many IT companies clamoring for your attention, it makes sense that you’d want to look for the most inexpensive, cost-efficient option, right?

The problem is that this question doesn’t get to the heart of the issue. Sure, any IT company can offer rock-bottom prices, but as with anything else, those savings are going to come with fewer, lower-quality IT services. Also, many cheaper services say they are inexpensive, but they typically have slow response times and nickel and dime you over everything.  Instead of asking about price right off the bat, the better question is, “What will I get for my money?”

With cheapo IT companies, the answer is not much. Maybe they’ll be there when the server breaks down or if Microsoft Word is acting weird on your computer. But you can bet they won’t help you implement IT systems that will prevent real, catastrophic issues from arising – the kinds of things that determine the success or failure of a company at the most basic level.

Today, business and technology go hand in hand. It’s an inescapable fact that good tech forms the pillars upon which successful companies stand. Many business owners still insist on cutting corners with IT, hiring cheap and inexperienced “professionals” to protect and support the most fundamental aspects of their operation.

Of course, it’s hard to fault them for doing so. Without a firm grasp of a business’s IT needs, it’s all too easy for a subpar, would-be IT partner to convince an owner they meet the company’s requirements. That’s why the question, “What will I get for my money?” is so important. IT support coverage needs to be comprehensive, addressing every potential sink-or-swim crisis before it actually happens. The integrity of your network infrastructure should support your business, rather than force you to run around putting out fires.

A downed server or temporarily unreliable network might seem like minor issues, but even the smallest of IT problems can easily snowball into an expensive nightmare that threatens your company’s very existence.

Take a company that stores all its data on a central, networked server, for example. Maybe they’re a content creation firm, with terabytes of custom-designed client marketing materials stashed away, or a large law practice with thousands of vital case documents. They were reluctant to spend much on IT support, so they went with the cheapest option available. Of course, regular server maintenance wasn’t included in their package, but they assumed their trusty hardware would keep kicking for at least a few more years. But when an employee tries to access the database, an error pops up. Upon further investigation, it turns out the outdated server has finally broken down, apparently for good. All those documents, all that data instrumental to the basic functionality of the company, is irrecoverable – thousands of hours of work (and thousands of dollars) down the drain, and all because of an issue that would easily have been caught and prevented by a team of qualified IT experts.

When technology works, it’s easy to imagine that it’ll continue working without issue. But the fact is that a computer network requires constant, behind-the-scenes monitoring and maintenance to ensure it stays up and running, not to mention secure.

From hordes of hackers waiting in the wings for you to slip up, to hardware failure, to natural disasters, rogue employees and a million other IT threats, it’s important to ensure the stability of your network before a problem comes knocking. Cheap Band-Aid solutions work great until the day they cost you thousands. It’s better to invest in a team of real IT experts, and avoid crisis altogether. It’s much cheaper to prevent something from breaking than it is to replace it altogether.

Top Tricks Cybercriminals Use To Hack Your Computer Network

16 Nov 17
lverbik
, , , , , , , , , , , , ,
No Comments

There’s no denying that cybercrime is on the rise. All it takes is a glance at a few big news stories from the past couple years. Equifax gave up the information of over 100 million people, many of them not even users, to a surgical hacker attack. Last May, over 57,000 infections spread from a single ransomware source across 99 separate countries, with damage reaching everything from hospitals and businesses to vital public utilities like the German railway network. And how many high-profile celebrities have had their phone’s picture feeds hacked and had to deal with the scandal of some maliciously leaked photographs, some of which they’d deleted years before?

But it’s not just massive corporations like Equifax or JPMorgan or actresses like Jennifer Lawrence that are being targeted day in and day out. It’s small businesses, many equipped with far less robust security measures in place. In fact, if you’re an entrepreneur, it’s almost a statistical guarantee that hackers will target your business at some point down the road.

In your company’s battle against cybercrime, it’s essential to stay abreast of the rapidly shifting digital landscape. Only the most up-to-date security technology can even hope to protect you from the ever more sophisticated thieves pounding at your digital door.

However, it’s also important to stay informed. Here are a few of the sneakiest and most common tricks thieves use to snatch your vital data:

Social Engineering Hacking, though it can cost you thousands and thousands of dollars and do just as much damage as its digital counterparts, doesn’t require a single line of code. Instead, they find weaknesses in the “human network” of a business. For example, skilled scammers can call your business’s cell phone provider, posing as the CEO’s spouse, and convince the customer service rep to hand over passwords, Social Security numbers, and sensitive personal information. Many IT departments are susceptible to this same scam.

Often, social engineering is used to gather information that will later be used for a different strategy. Such as …

E-mail Phishing, which hijacks (or fabricates) an e-mail account with trusted authority and sends users an e-mail requesting they click a particular link. Maybe the e-mail looks like it’s from the service department of your company’s time-tracking software, seeking to remedy an error. But when the link is clicked, ransomware or other malware spreads like wildfire through the system, and the user is at the mercy of the hackers. Usually, this is used to extort exorbitant sums of money out of small businesses or individuals. Symantec reports that just last year, over 7,000 businesses of all sizes fell prey to some form of phishing scam, costing them more than $740 million in total.

Brute-Force Password Attacks Or Password Guessing are just what they sound like. Either a hacker uses a software that, after putting in some data about the target (for example, the name of their dog or their anniversary), runs through potential keys ad infinitum. With sufficient information about the target, it’s only a matter of time before the software breaks through. Or, more often than you might think, hackers can simply guess the password. Infiltrators have common passwords that use real words or common structures memorized and can run through hundreds before giving up.

Fault Injection is a different story, usually only used by the most dedicated, sophisticated hackers around the world. Cyberthieves will use a complicated software to scan the source code of their internal software or network, noting every potential weak point in the system. Then, by splicing in strings of code, they can penetrate through and steal data, inject a virus, or employ other digital mischief.

How To Protect Yourself Against These Threats

As they say, forewarned is forearmed, but it’s not enough to keep your eye out for common hacker strategies. As the progress of technology marches on, so do the techniques and softwares used by hackers, resulting in an infinite number of permutations of ways they can penetrate your system.

The only way to be truly secure is by utilizing bleeding-edge security solutions to ensure you stay ahead of the breakneck developments in hacker technology. With constantly updating software dedicated to security, along with some know-how, you can rest a lot easier knowing your data is safe.

Natural Disasters Can Destroy, But Your Data Is Safe If It’s In The Cloud

02 Nov 17
lverbik
, , , , , , , , , , , ,
No Comments

This past hurricane season has brought some of the most harrowing, widespread destruction the southeastern United States has ever been forced to weather. But, despite the enormous, tragic cost of these natural disasters, the people of these communities persevere. In the wake of widespread wind damage and flooding, communities have banded together. Thousands of volunteers and neighbors are working as one to rebuild and find the way forward. There is no doubt, however, that the havoc wreaked by Hurricanes Harvey and Irma will produce aftershocks that will echo through affected areas for decades.

To anyone who turtled up in their attic in the middle of the storm or just saw a picture of the wreckage in the news after the hurricanes departed, the physical damage caused by the storm is obvious. What’s less obvious is the effect these storms have on the futures of the survivors, the reverberating impact that cuts thousands of life plans short and forces individuals to completely change their course in a cruel reversal of fate.

“Forty percent of small businesses don’t survive these events,” said Russel Honore, the previous Joint Task Force commander for Hurricane Katrina. The electrical grid is knocked out for days, and businesses are forced to close the office for what they hope is a temporary period due to flooding.

Each day that a business can’t provide service, it’s bleeding money — a cost that many businesses, especially the little guys, can’t absorb. So, they close for good, their buildings go up for lease and those who were once the heads of promising young businesses are now unemployed, in the market for a job in a city up to its neck in water.

Just as common is a business that finds its central data structures wiped out by physical damage. Following a hurricane, most businesses near the storm should have little trouble cleaning up and remodeling following nasty flooding, but if their servers, computers and network infrastructure have been wiped out, it’s a completely different story.

Oftentimes, a catastrophic loss of data will shutter a business for good. A 2010 report by technology research firm Gartner Group stated that 43 percent of businesses went belly-up almost immediately after a “major loss” of data, while 51% shut down within just two years. That leaves a measly 6% survival rate for businesses that suffer company-wide data loss.

These are scary numbers, to be sure, but there is good news: Businesses that migrate their data to the cloud are at significantly less risk of losing vital data. This is not only because your typical cloud service will back up your up-to-date data with several levels of redundancy, but because most cloud services are actually more secure than their on-site counterparts in general.

And make no mistake, businesses with on-site data are susceptible to loss far beyond physical disasters like hurricanes, flooding, earthquakes or solar flares. Don’t forget the risks disgruntled employees, freak accidents and, especially, hackers pose to your precious data. While it’s true that all of these risks still exist with cloud-based services, they’re much reduced. A 2012 Alert Logic report stated that “on-premises environment users actually suffer more [hacking] incidents” than cloud-based users, while also being subjected to “significantly more brute force attacks.” When you think about it, this makes sense. With your entire system backed up on a number of off-site locations, it’s much more difficult for hackers to encrypt the entirety of your data and hold it for ransom.

That said, not every business absolutely needs the cloud to stay secure. Certain business models need on-site structures for various reasons, and a few find it more cost-effective. Still, the cloud is definitely something that any savvy business owner needs to examine closely as a potential option. It could mean the difference between flourishing in the next fiscal quarter and going under.

Skimp On Data Protection And Pay The Price

10 Oct 17
lverbik
, , , , , , , , ,
No Comments

We’ve said it time and again: Today’s cybercriminals are using more advanced technology than ever. And those malicious tools are becoming even more sophisticated at a breakneck pace. To top it all off, new software developments are enabling these criminals to cast wider and wider nets, targeting businesses that, before, would have flown under their radar. Companies small and large, of every type, are being infiltrated by vicious cyber-attacks across the world each and every day.

Even knowing this, business owners are tempted to cut costs and corners. When you’ve never had a breach, data security can seem like a distant concern, especially for a limited budget. But regardless of which digital barriers you put in place to protect your business, you can bet on one thing: One day, your security will be tested by an attack. Whether or not the hackers punch through could mean the difference between your company shutting down for good — as 60% of small businesses do in the six months following a cyber-attack, according to the Denver Post — and remaining solvent and secure in your position.

When you’re struggling to stay afloat or simply wanting to be a savvy spender, you may think the best way to lock down your data is to put one of your staff on the task or to do it yourself.

And sure, your team can conduct hours of research searching for inexpensive security. And you’ll almost certainly find something cheap with good reviews and a decent track record. You’ll figure out how to install the software across your system, complete with firewalls, server protection, antivirus and maybe a bell and a whistle or two. Perhaps you’ll even hold a meeting to educate your staff on the do’s and don’ts of cyber security.

“Use intricately constructed passwords,” you’ll tell them. “Don’t click suspicious links in your email.”

Then, after a few days of fiddling with settings and ensuring the security software is properly in place, you’ll forget about it altogether. After all, it’s already installed, and you’ve checked to make sure there aren’t any gaps in the system. It’s not something you need to constantly monitor.

A year later, your business has — miraculously — doubled in size. You’re finally reaping profits. Best of all, a recent news story has brought your company into the public eye, and brand-new leads are contacting you every day. For the first time since the company’s inception, you can breathe easy.

Then, one Monday morning, you log into your computer. For a second, everything seems to be normal, until an innocent-looking pop-up fills your screen. “Attention!” an eerie robotic voice barks from your speakers, “Your documents, photos, databases and other important files have been encrypted!”

Thinking it’s a hoax, you click into your server drive. To your dismay, you really are locked out of everything. So, palms sweating, you read the rest of the pop-up. It provides instructions to install the deep web browser Tor as well as an address for you to visit. When you go there, you learn that in order to recover all your data, including the credit card information of your customers, you’ll need to dish out $50,000 in bitcoin.

A year ago, you couldn’t afford adequate cyber security. Can you afford $50,000 in cash today?

Identical situations are unfolding every day, with people exactly like you. Back in April, CNBC reported that across the previous 12 months, half of all small businesses had been infiltrated by malicious hackers. “Cyber security is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses,” wrote the Securities and Exchange Commission in a 2015 report. “The reason is simple: small and midsize businesses are not just targets of cybercrime; they are its principal target.” Cheapo security solutions might be fine for a lone browser surfing the web at home, but they are shockingly inadequate resources on which to base the entire success of your company, your livelihood and the livelihood of your employees.

Frankly, it’s irresponsible to lock your data behind a flimsy $5 firewall. Invest in robust cyber security solutions and secure the future of your company.

Why Your Current Antivirus, Backup, And Firewall Have Been Rendered Completely USELESS (And What You Need To Do About It)

16 Aug 17
lverbik
, , , , , , , , , , ,
No Comments

At the end of World War I, German engineer Arthur Scherbius constructed a device that would become central in another worldwide conflict of unimaginable magnitude over 20 years later: the Enigma machine. The machines, which steadily became more complex with each iteration, consisted of a series of rotors that, by themselves, encrypted messages input via the attached typewriter. Each rotor performed a simple substitution cipher, but when run through multiple rotors, the encryption reached a staggering level of complexity.

Initially used for transmitting sensitive company secrets in the commercial sector, the technology was eagerly adopted by the German military machine prior to World War II. After war broke out across Europe once again, Enigma encoding became central to the operation of the Axis powers, used for sending vital, sensitive intelligence across the airwaves. Due to the complexity of the Enigma system, the Germans were certain that the code would not, and could not, be broken.

But the Germans were wrong. Using photographs of stolen Enigma operating manuals obtained by a German spy, the Polish General Staff’s Cipher Bureau managed to construct an Enigma machine of their own, enabling them to covertly decrypt substantial amounts of Axis intercepts. Ahead of the impending invasion of Poland, the Poles shared their knowledge with the French and British military to expedite the defeat of the Germans. A massive team at Bletchley Park in Buckinghamshire, led by code-breaking master Alan Turing, became the central location for Allied efforts to keep up with Enigma operations.

Germany, still convinced the code was fundamentally unbreakable, continued using Enigma for a wide array of communications. But even the most complicated four-rotor Enigma systems were eventually decrypted. Great pains were taken to ensure the Germans never learned their precious code had been broken, labeling any intelligence gained from Enigma as “Ultra,” keeping the significance of Bletchley Park’s operations under wraps. Ultra-intelligence was used sparingly to avoid German suspicion.

The efforts of the Polish Cipher Bureau, Alan Turing, Bletchley Park, and the hundreds of men and women who contributed to the cracking of the Enigma code were described as “decisive” in theshortening of the war, and, at the high end, are estimated to have saved over 14 million lives.

Much like the Germans who assumed Enigma was uncrackable, most business owners believe their current, potentially outdated, cyber security measures will keep their data safe. But, in the contemporary age where digital information is as precious as gold, cybercriminals are working around the clock to penetrate even the most robust security solutions. You can bet they’ve already created a workaround for your current antivirus. What was good enough before may not be good enough today. After all, it’s simply impossible that a security solution from even two years back could be equipped to defend your precious data from a cutting-edge hacking technology that didn’t even exist when it was created.

Today, companies that fail to stay abreast of the latest cyber security trends — clinging foolishly to their own Enigma — are certain to pay the price down the line. Once the lock is picked, you need a new lock, and criminals are cracking new locks each and every day.

Luckily, as your IT provider, we’re cyber security experts, and we constantly seek the latest and most robust security solutions. Don’t leave your company’s security up to a false sense of confidence. Always be looking at options to upgrade your digital security and make it a sure thing.

The ONE Thing You Must Do to Keep Your Data Safe in the Cloud. Is Your IT Guy Doing This?

26 Jul 17
lverbik
, , , , , , , , , , ,
No Comments

How secure is your data? Cloud data storage is becoming a massive industry in this country, and many businesses and other institutions are putting their data into the cloud. Some of this data is pretty harmless. Other stuff — like hospital records, banking information, or company payrolls — are prime targets for bad actors. Is the cloud storage tradeoff worth it?

The short answer is yes, but only if your IT guy is encrypting your sensitive data.

Every cloud storage company you talk to will claim to take top-of-the-line security measures on behalf of your data. But that, in a nutshell, highlights the problem with cloud storage. Your data is entrusted to a third party for safekeeping. It’s possible that they’d do everything in their power to safeguard your information. But bad things, like ransomware, phishing, or just plain going out of business, do happen. And when they happen, it’s not the cloud storage company whose data is on the line; it’s yours.

Even if that doesn’t occur, let’s be honest. Most of the major cloud storage companies are based in the United States, the U.K., or France, where they could be subject to NSA snooping (or questionably legal surveillance from any other government entity). Despite the best efforts of many storage companies to  prevent government intrusion, your data could still be at risk, even when it’s locked up tight.

This brings us back to encryption, which is the hands-down best way to protect your data, period. It’s just like locking sensitive data in a box, with a password needed to reopen it. Even if someone gets ahold of the box, if they don’t have the password, there’s nothing they can do with it. There are a lot of encryption tools out there and you’ll want to make sure that you have the right one for your specific needs. If you ever need a recommendation, don’t hesitate to reach out and ask! We’ll be happy to provide you with the specific recommendation (free or paid) that fits your needs.

In addition, most cloud storage companies protect your data with their own encryption, but this isn’t as secure as encrypting your own information. That’s because the cloud storage company has the encrypted data in its possession, but it also has the keys to that data. If someone can get in, they can probably get the information they want. And a disgruntled employee — or just a hapless one — can also provide hackers access to the system through good old-fashioned human engineering.

If the cloud storage company is compromised (and it happens quite often), will your data be secured or unsecured? Well, if you’re encrypting your own data before uploading it, then the bad actors will open up the safe to find … a bunch of locked boxes. Pretty frustrating, right?

On the other hand, if you’ve trusted the cloud storage company to take care of everything, you’re going to have a bad day.

As you can tell, it makes sense to have your IT guy encrypt everything that gets put on the cloud before it gets there. But remember, just as your cloud storage provider is vulnerable, you can be vulnerable as well. It’s less likely that bad actors will target your company specifically, but if they want your data bad enough, they’ll go to great lengths to get it.

Many people have a misconception that these criminals will just use a magic program to crack your encrypted files. Decryption does exist, but it requires a lot of time and processing power. It’s far more likely that hackers will target your email or other aspects of your system and try to find out the encryption codes that way. And never forget that people are the weakest part of your IT security. Educate employees so they aren’t vulnerable to phishing scams, downloading questionable software, and visiting the wrong websites.

The Hidden Dangers Of “Shadow IT” To Your Business

14 Jun 17
lverbik
, , , , , , , , ,
No Comments

We all know that using information technology — programs, apps, or internet browsing — carries a certain amount of risk. Nobody wants to have their secure data compromised, but technology brings enough benefits that the risk is worth it. So you vet certain systems, you establish protocols, you update and patch your software, and you keep track of the technology used at work.

But what about the technology your employees are using that isn’t part of your official plan? We’re talking about messaging apps, Excel macros, cloud data storage, collaboration spaces, and even hardware like USB drives, smartphone storage, and personal laptops that you don’t control.

We call this “shadow IT,” and that’s a whole lot of potential holes to cover!

Even if you ignore the dangers of having accounts hacked, data stolen, and websites vandalized, shadow IT can be very inefficient. You don’t control it, so you don’t know where important information is or what work is being done. It makes it hard to avoid duplication of efforts and even harder to manage employee productivity. What are you to do?

Well, your gut reflex might be to “crack down” on using unauthorized technology for work purposes. Swallow that reaction, though — you can’t stop it, and you’ll just harm morale. You’ll also drive usage even further underground; your people won’t be honest with you for fear of reprisal. That means that if a compromise occurs, you’ll be the last to know.

Instead, keep an eye on the situation. Make it clear that you support employees using the tools they need to get the job done, as long as they let you know what those tools are. If your people start using cloud storage apps, that’s fine — but have them explain how they’ll keep that data secure. Just as you empower them to find their own tools, empower them to keep things secure.

You probably can’t come up with a list of all the shadow IT that’s being used at your work, but you can keep an eye on the trends as they develop. Research the technology that’s being used and watch the headlines for data breaches or other compromises.

In some cases, you will have to crack down on specific apps, programs, or devices being used at your work; they’re just too risky. If you’ve worked with employees and fostered good communication, this shouldn’t be an issue. Remember to avoid blaming employees when shadow IT becomes a problem — especially if they bring the issue to your attention themselves. There’s nothing wrong with asking your people to stop using a specific program or device, as long as you’re transparent and have good reasons.

Last, but not least, try to look on the bright side. Shadow IT may be a little risky, but it also presents opportunities for employees to drive productivity and try out new best practices. If they’re using a piece of technology, it’s probably doing something that the currently “approved” tech is not. They’re also showing self-starter tendencies and trying to do their job better. And that’s always something you should support!