In 2013, thieves stole two laptops from Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ), the state’s largest healthcare provider. The unencrypted laptops contained the electronic protected health information, or ePHI, of nearly 690,000 NJ residents. Had those laptops been encrypted, the thieves would have been unable to access that ePHI. Unfortunately, the laptops were purchased outside of Horizon BCBSNJ’s procurement process and were not vetted by the IT department. This data breach led to Horizon BCBSNJ paying $1.1 million in damages and improving its data security protocols.
The use of unauthorized laptops illustrates the hazards of shadow IT within a company. What happened with Horizon BCBSNJ should still serve as a warning to businesses across New Jersey, regardless of scale and whether they’re using hybrid work models or operating entirely on site.
What is shadow IT?
Shadow IT refers to any unauthorized use and installation of information technology (IT) resources by employees. These can include:
- Software: Unauthorized cloud storage services, productivity apps, communication tools, and even specialized industry software downloaded by employees themselves
- Hardware: Laptops, phones, and other devices owned personally by employees or purchased independently by departments
- Services: Free online data analytics tools, file-sharing platforms, and other subscriptions used for work purposes without the IT department’s awareness or approval
How does shadow IT impact your business?
For employees, using shadow IT may seem harmless. But it can have a significant impact on your business’s bottom line in the following ways:
Unsanctioned software and hardware may not meet the necessary security measures and standards of your organization, leading to vulnerabilities. This can result in malware intrusions and data breaches, which can translate to expensive restoration and recovery costs, downtime, compliance-related fines, legal damages, and reputational damage.
Industries such as healthcare or finance have strict regulations regarding data handling. Shadow IT can lead to noncompliance with the Health Insurance Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act (GLBA), resulting in large fines and legal issues.
Loss of data control
Shadow IT makes it difficult for your IT staff to manage software licenses, data flow, and user access, leading to inconsistent and noncompliant data practices. In addition to the abovementioned legal issues and fines, data stored or processed outside of official channels may not be backed up or protected properly, increasing the risk of data loss and leading to more costs.
Shadow IT solutions may not integrate seamlessly with your official infrastructure or may entail expenses beyond your budget. Cumbersome integration can lead to increased IT workload, project delays, and inefficiencies in workflows and communication.
Time spent troubleshooting and managing shadow IT issues takes away from your IT staff’s ability to focus on core tasks.
Reduced employee trust
When employees resort to using unauthorized tools or software, they are knowingly or unknowingly violating company policies. This can create an atmosphere of mistrust, as it indicates a disregard for established rules and procedures.
Increased and hidden costs
Managing unauthorized tools and software can increase IT support costs because it’s difficult to maintain and troubleshoot multiple platforms effectively. You may also incur unexpected hidden expenses such as subscription and additional licensing fees.
How to mitigate the risks of shadow IT
It's important to understand that the use of shadow IT often arises from genuine and legitimate employee needs not met by the official IT solutions. Addressing these needs and finding safe alternatives can help mitigate the risks. Here’s how:
- Engage employees. Understand their needs and recognize the shortcomings of existing IT systems.
- Educate employees. Foster awareness of the risks of shadow IT and communicate security best practices.
- Offer flexible solutions. Provide a variety of approved tools and services that offer similar functionality to popular shadow IT options.
- Simplify IT processes. Make it easy for employees to request new tools and services through official channels.
- Collaborate with departments. Build partnerships with business units to develop IT solutions that meet their specific needs.