Remote workers aren't taking security seriously. Now that has to change

IT teams can help mitigate the risks of shadow IT by being more flexible and adapting to the needs of remote workers, according to a new study.

Shadow IT: It's a bigger threat than you think

UK businesses must tackle the dangers posed by 'shadow IT' as coronavirus restrictions are lifted and offices begin to reopen their doors again.

Remote working has led to a heavy reliance on productivity software and other forms of collaboration tools to keep businesses running amid COVID-19. However, organizations have also lost oversight on the apps and services being used by employees to conduct business, raising a variety of fresh cybersecurity concerns for IT teams.

SEE: Shadow IT policy (TechRepublic Premium)

Research commissioned by Citrix and carried out by OnePoll has highlighted the extent of this problem. In a survey of 7,500 office workers in Germany, the US, UK, Australia, Canada, France and the Netherlands, 43% of UK workers admitted to using software and tools on their work computers that had not been approved by their IT department – or had been explicitly prohibited.

Of those using "shadow" systems – that is, technology and software not approved or managed by their organisation's IT team – the most common example was unauthorised video-conferencing applications, which nearly half (48%) of employees admitted to using, followed by instant messaging software at 45%.

To avoid shadow IT and to make businesses more secure in a future with more office workers working from home, IT teams will need to adopt a more "digitally forward culture" that is flexible, adaptable and able to anticipate employees' remote-working needs, Citrix said.

Darren Fields, VP of networking EMEA at Citrix, told TechRepublic: "The rapid shift to working from home has created the conditions for shadow IT to become an increasingly important issue. Whilst it is understandable that employees needed to adapt quickly to new pressures and concerns, given the global pandemic, it is important that businesses tighten up on these procedures going forward in order to safeguard their organization from external threats."

Citrix isn't the only organization to have spotted this trend:  a recent study from Trend Micro  also found people showing a lax attitude to following their company's IT security policies, with 56% of respondents admitting to using a non-work application on a work device and a third of respondents saying they did not give much thought to whether the apps they use are approved by IT or not.

Earlier research also commissioned by Citrix found that seven in 10 respondents were concerned about information security as a result of employees using shadow IT or unsanctioned software, with three in five seeing shadow IT as a significant risk to their organisation's data compliance. However, the same proportion also thought the use of informal software and applications by employees was generating more innovative approaches to teamwork and collaboration.

SEE: Working remotely: A professional's guide to the essential tools (free PDF) (TechRepublic) 

Fields said employers needed to plan for the fact that remote working would become more commonplace in future and "get a better handle of the situation" to ensure "bad habits don't become commonplace".

Overall, employees appeared optimistic that companies would meet their expectations for the new normal: nearly two-thirds (65%) of those polled believed employees would show a better understanding of the "human factor" in the workplace, while 47% agreed that the coronavirus crisis experience would "help soften established corporate hierarchies".

"Technology equipment aside, employers should also keep an eye on their employees' wellbeing in the new world of work," said Fields.

"In this new, sometimes unusual situation, some people have a hard time drawing a clear line between their business and private lives. This is completely understandable, especially when both occur within the same room, or even at the same table."

Also see