2025-11-25

SECURITY HINTS & TIPS:

Shadow IT: The Hidden Danger

What is Shadow IT?
Shadow IT refers to users utilizing apps, software, or cloud services that your IT department is unaware of or has not approved. Think of it this way: your company has official tools that everyone’s supposed to use, but Steve from accounting is using a random file-sharing app he found online because it’s “easier.”

🚨 Real-world example: Instead of using the company-approved Google Drive, someone uses their personal Dropbox account to share confidential client files. Boom, that’s shadow IT.

⚠️ Risks of Shadow IT

1. Data Loss/Leaks
Official company tools have safeguards and monitoring in place. Using unofficial tools can result in data loss or unauthorized external sharing without IT oversight.

The danger: Critical business documents can vanish overnight or be available externally without oversight.

2. The IT Team Can’t Help You
When something goes wrong with a shadow IT tool, your IT department can’t fix it. They don’t have access, and they don’t know how it works.
The danger: When disaster strikes, you’re on your own.

Be a MGC Cyber Hero

Thank you to our amazing users, who play a crucial role in keeping our organization safe every day by spotting and reporting phishing attempts through the Phish Alert Button (PAB). Recently, Dave Jupp from the Near North Customs Team reported an email that claimed a cryptocurrency deposit and aimed to harvest sensitive credentials via a dropper.
Thanks to Dave’s swift action, our Cybersecurity team was able to act promptly to isolate the threat and enrich our indicators of compromise intelligence, which in turn prevented any harm to the company at large. His vigilance and dedication to being a human firewall were key in stopping this attack.
A big thank you to Dave and all our Cyber Heroes for your ongoing commitment to protecting our organization! 🚀🔒

3. Incident Response Limitations
When security incidents occur on unauthorized platforms, our IT Security team is unable to access logs for investigation, implement containment measures, or recover compromised data.

🎣💣 Real Horror Stories

Story #1: Okta (2023) – An employee using their personal Google account on a company laptop led to a breach affecting 134 customers, including major cybersecurity companies.
Story #2: Pennsylvania Department of Health / Insight Global (2020-2021) – Employees used unauthorized Google accounts for COVID-19 contact tracing, exposing 72,000 residents’ health data and resulting in a $2.7 million settlement.
Story #3: UMC Physicians Texas (2019) – Healthcare providers used unauthorized Google Drive and Gmail for patient information, exposing 3,300 patients’ protected health information.

πŸ›‘οΈ Your Role in Preventing Shadow IT

  • Use Only Approved Technologies
  • Request Approval for New Tools. If you have a legitimate business need for a specific application,
  • Report Existing Shadow IT. If you’re currently using unauthorized tools, 👉 https://itportal.io/servicedesk
  • Recognize and Report Security Concerns. 👉 https://itportal.io/servicedesk

Manitoulin Group of Companies Security Team
Cybersecurity@manitoulingroup.com

Stop, Look, and Think. Don’t be fooled.