8 Apps Your Client’s Employees Are Using (and Shouldn’t Be)
You make sure your client’s information is completely protected with any solution you provide for them – whether it is cloud-based file sharing, backup and disaster recovery, or remote monitoring. Unfortunately, employees are still circumventing your security and leaving their company’s information at risk. How? By using consumer-facing apps that were never intended for sensitive data.
Every company has “rogue users” – who use apps to get work done – unaware that those apps may be leaving the company vulnerable. As an MSP, you need to make your clients aware of this threat and work with them to identify and prevent data from being compromised by unapproved, consumer-facing apps.
Skyhigh Networks recently identified the most common apps companies should keep an eye on in their Cloud Adoption & Risk Report:
- DropBox
- Google Drive
- MyBackup.com
- uTorrent
- YouSendIt
- WeTransfer
- Snag It/Jing/Snipping
- LogMeIn
Your clients may not know it, and they hopefully haven’t approved it, but these apps are most likely being used regularly in their organization.
The important thing to recognize is that the company’s users aren’t using these apps with the intention of leaking sensitive company information. Employees look for ways to make their jobs easier and to improve their workflow. If there are apps that can do that – they’ll use them. Most are unaware that using these apps would even pose a risk to the company.
The problem with employees using consumer-facing apps for things like cloud sharing is that it leaves the data vulnerable. If they are using an unsecure application to transfer sensitive information like credit card numbers, health records, or any other sensitive company information, it makes all of the security you set up pointless. Also, it makes it difficult to understand the real volume and frequency of cloud sharing when files are being shared among your solution and numerous other personal employee solutions.
So why are employees resorting to using consumer applications? It could be because their company doesn’t offer cloud-based file sharing – which they feel they need to better do their job. It could be because the solution the company does offer doesn’t give them the features they need or doesn’t integrate easily with their current workflow. If the system the company has in place isn’t simple and integrated, employees are much less likely to use it.
In order to increase your client’s security and keep their employees productive and happy, work with them to develop a new strategy. The “rogue” applications their employees are using can give you insight into what applications and features the company actually wants and needs. Then you can offer your own solutions that both work in the existing workflow (to keep the employees happy) and offer enterprise-level security (to keep the company safe). Then you can sanction these applications and help the company set up clear restrictions for which applications can be used, and which ones are considered unsafe.
Have you experienced employees using the applications mentioned in this list? Do you think they should be blocked, discouraged, or replaced? Let us know your strategy for dealing with companies whose employees have gone rogue in the comments below.
