November 17, 2016

    How Shadow IT Can Wreak Havoc On Your Financial Institution

    77% of IT and line-of-business decision-makers reported that departments within their organization have used a cloud service without the involvement of the IT department, according to a recent survey. Does your financial institution fall into this category? Are employees using cloud services or other applications that aren’t sanctioned by your IT team? If so, you’re dealing with Shadow IT -- and the risks are a serious threat to your business.

    Consider some additional survey findings:

    • 71% of respondents said that Shadow IT has been happening in their organizations for up to two years.
    • 83% use popular free, unregulated cloud storage applications, such as Google Drive, Dropbox, Apple iCloud and Amazon Cloud Drive, for sharing company information.
    • 56% do not know which country their cloud-based data is stored in, yet 80% believe that their data stored in the cloud is critical to running their departments.

    It’s vital to determine whether your organization is suffering from this reality and take the necessary steps to alleviate the problem. In this article, you’ll discover Shadow IT’s potential to wreak havoc on your financial institution and obtain insight on how to manage it.

    Is Shadow IT Rampant at Your Financial Institution?

    Shadow IT is a term that refers to employees using hardware or software that is not supported by your central IT department. This includes the prevalent Shadow Cloud, in which members of your business use their own cloud providers at some point during the day.

    Your employees may be installing applications on their work computers to carry out specific aspects of their roles, like file-sharing, without your IT team knowing about it. Perhaps employees have found that these unauthorized applications enable them to be more efficient and productive or that they’re easier to use. Even if either of those claims is true, applications that are not implemented and monitored by your IT department can have extremely serious and costly ramifications for your financial institution as a whole.

    Unregulated IT solutions lead to gaping security vulnerabilities, and that’s not a risk your organization can afford to take.

    How Shadow IT Threatens Financial Firms

    As a business in the financial services sector, you’re required to follow certain government regulations in order to maintain security and compliance. For example, the Gramm-Leach-Bliley Act (GLBA) must be observed in this industry.


    If you have employees who are using alternatives to a GLBA-compliant FTP site, your firm is not in compliance. These regulations are aimed at keeping your customers and your business from harm. Maintaining compliance is about much more than simply “following the rules.” It means protecting your financial institution from the type of devastating data breach that could lead to disaster.


    “As many of us in the security industry already know, the presence of Shadow IT can wreak havoc on compliance. When data is going through third-party SaaS applications, for instance, it’s important to understand what security risks those applications pose and whether those risks fall within the guidelines accepted by the relevant compliance standards.” (Security Week)

    Your own in-house solution for file-sharing may provide the features necessary to remain compliant, but can the same be said for any third-party applications your employees have installed without your knowledge?

    If your organization is guilty of Shadow IT that violates the Gramm-Leach-Bliley Act, your customer data is susceptible to unauthorized access, which could result in costly identity theft and irreparable damage to your reputation. In the event that your financial firm becomes the victim of a data breach, you face more than just the ensuing costs and liabilities; your customers will also be less likely to trust you with their valuable information in the future, and you may lose them altogether.

    Staying GLBA compliant enables your business to fend off existing and future threats and to stay on the cutting edge of information security. It is essential to ensure that your financial institution doesn’t risk this compliance by being blind to Shadow IT.

    How To Protect Your Organization From Shadow IT

    In order to defend your financial business from the dangers of Shadow IT and non-compliance, be sure to implement the following tips.

    • Stop thinking like a developer during IT design, and start thinking like a user.
    • Get a complete understanding of the needs of your employees. Find out why they would rather pay for or take advantage of their own third-party file-sharing account than use what you've provided to them.
    • Address their concerns by educating them on the features of your in-house solution that will enable them to achieve the same levels of efficiency and ease of use -- but in a secure and compliant way.
    • Put a strict set of guidelines in place regarding technology in the workplace, particularly cloud usage. Have all employees sign the document, and apply severe penalties to those who don’t comply.
    • Work with an FTP site provider that is sensitive to and knowledgeable about GLBA compliance.

    File sharing is becoming an increasingly popular function in the business world, given the availability of solutions that allow easy, cloud-based file storage. But even if a consumer-grade option like Dropbox helps your employees work faster, it could be setting your organization up for big losses. If you're looking for a way to overcome Shadow IT issues like unregulated file-sharing applications, there is a solution.

    Sharetru is a secure FTP services provider that has the capabilities to support your employees with the features they need while maintaining compliance. Don’t let another minute go by without addressing the risks that Shadow IT could be posing at your financial institution. Take control of security and compliance today.

    Have you experienced the harmful effects of Shadow IT at your financial institution? Share your comments below, and don’t forget to download your free copy of The Dangers of File Sharing: 20 File Sharing Threats That Could Land Your Company in Hot Water.

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.
