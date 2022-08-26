According to Kaspersky’s “Infodemic and Impacts on Digital Life” survey in collaboration with CORPA, 35% of Peruvians download apps to their work devices, without a license from companies. In other words, 3 out of 10 workers in the country put the safety of the company they work for at risk, without even knowing it.

Along the same lines, The most downloaded apps are social networks (74%) and messaging apps (45%). Since employees spend almost all of their working hours using these devices, they use them for other activities as well. Some even use their own tools at work, so they already have these programs or applications installed.

Why is it so important to connect what we download to IT?

Information technology (IT) is the department or area in a company that Responsible for implementing, supporting and maintaining information systems. This means that his work consists of everything from configuring an employee’s computer to Maintaining cyber security at the company level.

For this reason, “shadow IT” consists of workers who perform activities that may put business information at risk, since Performing an IT job, but without permission. That is, “from the shadows”, as they do so without informing the responsible area.

According to Andrea Fernandez, general manager of the region at Kaspersky, “shadow IT” has increased thanks to the COVID-19 lockdown. “With the pandemic, when all employees go home, it not only forced people, but departments also needed to communicate with each other. then, The security breach arises when applications or software starts downloading, but IT workers don’t know about it‘, confirms, in an interview with trade.

Although these apps can be very useful, the IT department not knowing that we are using them can cause a huge problem. “Perhaps, in the messaging app, they pass a company file between one and the other. We are always talking about the corporate sphere, and we no longer touch on the personal sphere. When a company profile is passed through this messenger, vulnerabilities start to appear there. Today’s corporate emails are on cell phone. So the risk is very high. This is where you have to be carefulFernandez adds.

What applications or software can generate a security breach in businesses?

Most applications or programs are designed to help users, but that does not mean that they cannot be dangerous. “Any application downloaded by the user without informing the IT department can lead to a security breach. That is, it does not matter what the application is. If the IT department, which is the department that gives cybersecurity rules and is the one that provides online downloads, is not aware that the employee has downloaded this app, then there is actually a security breach“, Confirms.

In our country, workers download these applications to facilitate communication between colleagues and clients. “In Peru, one of the percentages we have is that 36% of people have. So, any application you intend to download because your management needs it or because your business needs it, go to your IT department and ask them, and ask for permission. They are the ones who, let’s say, can monitor or checkFernandez adds.

Security breaches not only include malware or targeted attacks, but also the accessibility that older workers have. “It occurred to us that when we did a global monitoring of a company, on a security level, We discovered access to former employees who were with the company four years ago. It’s terrible. This is a coin‘, refers to the executive branch.

Shadow IT security violations occur due to unauthorized applications. / Pixabay

This is because the company’s information ends up in more channels than the IT has specified. “The result of what shadow IT also generates: An employee leaves the company, and even though organizations cut off all standard access, in quotes, If that ex-employee owned an app that wasn’t authorized by the IT department, the IT department wouldn’t know they had it. This employee can continue to access, perhaps, certain links, certain folders, and some files that, as a former employee, he should not have been able to access.Fernandez adds.

Moreover, these gaps can come from anywhere, including job applications. “This also happens with ransomware. Someone from HR opens a file because there’s supposed to be a resume inside that’s already infected. We always come back to the same thing: The importance of employee safety education, how important it is today“, Confirms.

During the lockdown, many employees have shared their work devices with family members. “All of them went home and used whatever devices they could. Sometimes the company did not give him equipment and they used the home computer where the son studied and the woman worked. This reality has survived and companies have survived the first six months of the pandemic. It was really a mess. It is clear that there are many companies, most of them large, that are set up. But many others do not.‘ says Fernandez.

Not being connected to IT can cause major problems, as companies now do just about everything. Through constant contact with other companies or with customers, security flaws can arise. “One case of these violations occurred in Brazil, where there were several branches and The attack was powerful in the United States. They did not have it in Latin America, but it came through hidden software, without knowledge of the IT field‘ asserts the executive.

How can we prevent these security breaches?

Fernandez points out that in addition to constantly communicating with your IT department, you should be aware of how dangerous it is to install an unauthorized application. “What we recommend against this is Review company file access policies. people of IT should keep an up-to-date inventory of software, applications, and anything downloaded. It is important to report the seriousness of this. The employee must know, have an idea, be aware of the risks‘, he points out.

The main thing is to teach users that there can be security breaches, but also lose the fear of asking questions. “The second point is the query. They should consult IT experts who know. If they don’t have IT staff, well, they have to find out from those who advise them, from partners, from people who know about cybersecurity. There are companies that have an IT department and there are other companies that don’t. If they didn’t have an IT department, the company might not have been that big. So it’s easier to keep people informedFernandez adds.

Likewise, the IT department must learn about the tools needed for the job today. “people of The IT department must have identified or discovered the software or applications that each area needs, so that employees do not download them. Often, because of the way we run every day, this is done reactively rather than proactively. The truth is that it must be done proactively, to see what is happening and what is being downloaded. We also recommend using encryption. This can solve many problems“, Concludes.