1. Sales & Marketing
  2. Finances
  3. Your Team
  4. Technology
  5. Social Media
  6. Security
We are here for your business - COVID-19 resources >
Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.
Grow Your Business Security

Unauthorized Tech: How to Handle Careless Cloud Usage

Unauthorized Tech: How to Handle Careless Cloud Usage
Credit: Stokkete/Shutterstock

Today's employees use a variety of devices in the workplace, such as desktops, tablets, smartphones, phablets and wearables. All of these devices may make work more convenient, but they also bring challenges, especially for IT teams. Often, employees download cloud applications that are not IT-approved, and many workers fail to recognize the risks.

According to a survey by Softchoice, an IT solutions and managed services provider, one in three cloud-app users has downloaded an application without consulting IT. These unsecured, unauthorized applications, referred to as "shadow IT," place networks and corporate data at risk. However, SoftChoice found that 39 percent of employees have not been told the risks of downloading these apps.

Despite the risks, many employees refrain from using IT-approved cloud apps because of poor experiences, distrust, slow function, incompatibility with all devices and a lack of necessary features for work, Softchoice found. Workers who use cloud-based apps are 10 times more likely to choose them over IT-approved programs and four times more likely to access work files in an unsecure way when out of the office. Storage applications like Dropbox and Google Docs are popular — yet unsupported — selections that many employees believe to be suitable.

So what can you do to stop careless usage? SoftChoice made the following recommendations for businesses and their IT departments. [See Related Story: Cybersecurity: A Small Business Guide]

If employees were more aware of their risky behavior and data vulnerabilities, their carelessness would be less prevalent, said Francis Li, vice president of information technology at Softchoice.

"All employees should be trained on the proper ways their organization needs them to access, store and transfer private work files," Li said. "When it comes to downloading and using any applications, especially cloud apps, employees should also be trained on the proper procurement processes and the need to involve IT before they download or purchase anything."

Teaching workers the benefits of IT apps will also encourage them to make more valuable decisions in the workplace. Li noted that technology training should be included in the onboarding of new hires and whenever a new technology tool is introduced that you want employees to adopt.

"But regular communication to reinforce the rules and to tout the benefits of IT-approved processes — particularly when you identify a pattern of certain risky behaviors — will help to reinforce the right technology habits," Li said.

It is important for IT to understand employees' reasoning for their behaviors and preferences.

For example, why don't employees like a specific, sanctioned application? What makes the unauthorized program seem more appropriate to them?

Addressing the issue will not only sort out possible miscommunications, but it will also strengthen the relationships between workers and the IT team, Li said.

To avoid the risk of employees using unapproved applications, IT team members can regulate a "safe list" of assessed apps on an identity-management or single sign-on platform.

"Managing the sprawl of devices and apps is about encouraging all employees to work within that environment and use the apps that IT considers secure for work," Li told Business News Daily.

All programs will then be accessible to employees in a single location with a set password. This way, IT can screen application use accordingly.

"The benefit for employees is they only need to remember one password to access all their apps, and they can access them from virtually any computer or connected device," Li continued. "The benefit to IT and to the organization is the private data employees work on remains in a controlled environment, and IT can de-provision an employee's access when they leave the company or if they accidentally lose their mobile device."

Don't have an IT department? Check out this Business News Daily article for everything your small business needs to know about DIY IT.

Sammi Caramela

Sammi Caramela has always loved words. When she isn't writing for business.com and Business News Daily, she's writing (and furiously editing) her first novel, reading a YA book with a third cup of coffee, or attending local pop-punk concerts. She is also the content manager for Lightning Media Partners. Check out her short stories in "Night Light: Haunted Tales of Terror," which is sold on Amazon.