Cyber Security
Sappi

Don’t let SHADOW IT
blur the lines of safety.

In a world where business has become almost completely digital and online, and remote working is becoming more common, everyone is trying to find the best way to get their work done. However, in this concerted effort for convenience and increased productivity, a lot of us lose focus on cyber safety and we don’t consult the IT department on our software and connectivity choices.

Focusing on SHADOW IT – What is it?

SHADOW IT refers to the use of any unauthorised information technology systems or practices within the online and on-site work environment, such as:

  • Devices
  • Software & Applications
  • Cloud-based services
  • Internal control tools
  • Telecommunication tools
  • Disabling any mandatory IT controls such as Antivirus software
  • Dangerous account conduct such as password negligence
  • Sensitive data storage or use on public networks
  • and so much more …

SHADOW IT occurs when a company’s IT department is not aware of, or was not notified of, any new instance that involves connecting to a network or cloud-based service, installing software, or using an unauthorised device that could contain a number of data-breaching third-party applications.

The impact of SHADOW IT can be catastrophic for any business network. This is why the IT department always has to have a clear view of all the devices, software and networks that are present within the company. When it comes to SHADOW IT, don’t blur the lines – focus on cyber safety BEFORE making use of SHADOW IT.

Easy to see awareness statistics on SHADOW IT:

57

The average number of cloud services CEOs think they have within their company network structure.

1,083

The actual average number of cloud services a company can find within its network.

SHADOW IT gets less blurry when you know the benefits and flaws of using it.

CREATE CLEAR NEW LINES WITH YOUR IT DEPARTMENT

Innovation will always have its place within the Sappi workspace, but the lines of communication between you and your local IT department cannot afford to be blurry at all.

When considering new SHADOW IT software, challenge your local IT department to help you incorporate it in a safe but effective manner, which will benefit Sappi as a whole.

FOCUS ON CYBER SAFETY

Not all SHADOW IT might be legally compliant with the POPI Act or Sappi’s GDPR Policy. BEFORE YOU USE ANY NEW SHADOW IT, it is crucial for the IT department to check the following:

  • Is this Shadow IT software safe to use?
  • Does it comply with all the legal requirements of the POPI Act or Sappi GDPR?

Easy to see vulnerability statistics on SHADOW IT:

1/3

of all successful security attacks will come through SHADOW IT systems & resources in 2020.

1 in 5

organisations have experienced a data breach due to SHADOW IT.

There are many ways that cybercriminals can blur the lines of safety and cause havoc through SHADOW IT.

HOW THEY TRICK YOU:

The License Agreement: The most blurry part of installing new software or applications is going through the entire software license agreement. Cybercriminals know that most users don’t read the license agreements, so that’s where they hide a contract clause in plain sight. Sometimes these clauses allow the software or application to share your data with unauthorised third parties or advertisers.

Fake links, login screens and IT technicians: Through phishing research, cybercriminals often know where you log in or what services you use, because of your exposed data. They then pretend to be one of the services you often use, to trick you into giving them your passwords and data access.

Blurry lines of communication: There isn’t a central formality or a global agreement around the management of cloud services, so this always provides an opportunity for miscommunication or a cyber safety threat to creep in. Cybercriminals, therefore, have lots of clear opportunities where they can lurk unnoticed and destroy the cyber safety of everyone in Sappi.

HOW THEY RECORD YOU:

Your webcam, microphone & Telecommunications Software: There have been reports of entire conversations being recorded in well-known applications such as Zoom and Skype. Meetings hosted in unencrypted online spaces can be a clear target for cybercriminals who want to gain inside info and network access.

Your every move on your desktop & mobile home screen: An increasing amount of IT assistance is being done remotely. This means more remote-access software is present on systems. When used incorrectly or left unattended, cybercriminals can use software like TeamViewer or AnyDesk to not only record your digital actions but also interfere with them and take control of your system – giving them a clear view of the sensitive data you store on your devices.

HOW THEY STEAL YOUR DATA:

Unsafe Network Connections: Cybercriminals have many ways in which they can gain access to your device or software, especially if you are signed into a WiFi network that is not protected by a sufficient firewall, or if you leave your Bluetooth on when it’s not in use.

When you don’t stay focused: When you fall for a phishing scam or SHADOW IT trickery, cybercriminals often only need one single detail in order to gain access to more data. Sometimes all they need is your Credit Card number or social media profile page links.

Focusing on Cyber Safety – How to use SHADOW IT safely:

BE AWARE:

Test & Verify: Know that any new application, software, device or network connection can have its flaws. That’s why it’s always best to keep your local IT department aware of what SHADOW IT is being used, and to let them test its safety.

Keep Your Data Secured: When accessing a new login or purchase page for a piece of SHADOW IT, it’s best to verify the legitimacy of the page before entering your personal data. Run it by your IT department to see if the next step is safe.

Nothing Is Free: Even if a service or software application advertises itself as “free to use”, there will be some way in which the developer can make money out of your usage. This is often well-hidden in the license agreement and can be a fatal technicality for the safety of your data. Your IT department knows most of the tricks that cybercriminals use, which is why it is best to consult them at all times.

BE VIGILANT:

Multi-Factor Authentication (MFA): Where possible, always enable MFA on all your logins and devices, to add an extra layer of clear protection against cybercriminals. (All Sappi account security is set up and enforced by the Sappi Central Account Security Policy, which is backed up by MFA.)

Passwords: Don’t use the same password for multiple accounts and logins. Make use of an authorised Password Manager to keep your logins safe and encrypted from any third party interference on your device.

Don’t blur the lines.

Consult IT: Never buy or activate a cloud-based app or software without consulting your local IT department or procurement. The potential risks involved are not worth losing focus on cyber safety at any given point.

Communicate: Informing your local IT department about your choice of SHADOW IT usage helps them focus on your cyber safety and keep the rest of the company’s data safe.

Stay focused when using SHADOW IT and you will stay cyber safe.