By Legal Futures Associate CTS
Over a quarter of law firms and in-house legal departments never or hardly ever address security risks associated with shadow IT, according to a survey conducted by Concilio. It’s unsurprising that there have been legitimate concerns about the growth of shadow IT during the pandemic, as employees have taken matters into their own hands to remain productive throughout the challenges of remote or hybrid working. IT security teams have responded by focusing on how shadow IT could put the business at risk; however, there are also numerous opportunities to explore by giving users more input into the technologies they use.
What is shadow IT?
When employees download, share or use applications, services, or software without obtaining approval from their IT department first, this is known as shadow IT. Users feel compelled to do their jobs efficiently, which isn’t always possible with the use of their pre-approved technology. By working around their company’s IT security policies, an employee may find and use a better solution that allows them to complete their tasks more quickly and effectively. News can spread of the value of such an app or service, resulting in further use of the unapproved solution across an organisation.
Lawyers commonly have a variety of technologies to choose from, including solutions for:
- Time management
- Document assembly
- Cybersecurity
- Practice and case management
Throughout the pandemic, employees have also been reliant on:
- Productivity tools such as Slack or Zoom
- Messaging apps such as WhatsApp or Snapchat
- Cloud storage such as DropBox
- Comms apps such as Skype or Telegram
- Physical devices including external or thumb drives
The risks of shadow IT
Shadow IT can pose a number of risks to the legal sector. If an IT department isn’t aware of the software or hardware in use by its end-users, then they are unable to support it or address its risks, which include loss of control and visibility, lost data, non-compliance and unknown expansion of attack surfaces.
The Legal Trends report highlights that lawyers spend 71% of each day carrying out admin tasks including client communications, knowledge management and automation of client intake. Where there are potential shortcuts to these tasks, busy fee-earners might be tempted to switch to easier solutions, such as using their own hardware to access cloud-based storage, sending confidential client files to a colleague’s personal email address or logging into the company Wi-Fi from a home laptop, which is quicker than a work device.
All of these scenarios risk a data leak and cyberattack occurring, which can cause enormous reputational damage to a law firm, as well as carrying heavy financial penalties as set out by the Information Commissioner’s Office. However, it’s worth recognising that these risks can be mitigated by working with end-users to address the challenges they are facing with the existing pre-approved technologies.
Allowing employees to own their work experience
A recent study by Entrust, entitled ‘The Upside of Shadow IT: Productivity Meets IT Security’ suggests that allowing employees to participate in the decision-making process when looking at what systems to adopt, may not only result in a productivity boost but also in better employee retention and greater trust leadership. 77% of employees involved in the study believed that their company could gain a competitive advantage over industry rivals by leveraging shadow IT. 45% of them felt more engaged when using the technology that was selected with their feedback in mind, and 40% were more likely to stay with a company rather than look for a job elsewhere.
By giving employees more input into the selection of systems that can support their roles, users receive a more enjoyable user experience, especially during the pandemic, when remote workers have been somewhat left on their own, it makes sense that they should also be allowed to adopt new working practices.
Route out of the pandemic
Shadow IT has become a necessity in the pandemic, as Matt Modlin of Capgemini North American Cloud and Edge Center of Excellence explains “It is likely that almost every business has shadow IT to some degree, especially with the expansion of work from home and remote IT, the march toward cloud services and proliferation of IoT and other endpoint devices.”
If your company’s IT systems are not geared towards moving your law firm or chambers forward in such chaotic times, then you’re likely to fall behind the competition. The key to progression is to remove the bureaucracy that stands in the way of what makes sense for you.
Ultimately, that relies on involving your users in IT decisions and then designing your systems around them. Gaining continuous feedback from your employees, in regards to technology, can support your selection process by lessening the likelihood that you adopt a piece of technology that is too laborious or complex for your users to use, meaning financial loss and an unhappy workforce.
Take ownership of shadow IT
Note that shadow IT isn’t all bad. Embracing shadow IT can present a great opportunity for your law firm or barristers’ chambers – the benefits of shadow software solutions may in fact outweigh the associated risks, if implemented properly.
By fully understanding their needs and expectations of your end-users, you have the ability to use shadow IT to your advantage – as a tool to drive digital innovation. Keeping clear lines of communication open and working together collaboratively, as employees, the IT team and the decision-makers, you can create a strategy that supports the goals of the individuals and of the business as a whole.
CTS provides IT solutions designed for the unique needs of the legal sector. From strategic consultancy and managed services to cloud platforms and cyber protection, we are perfectly placed to help your company embrace the opportunities presented by shadow IT. Contact us today on 0345 872 4400 to speak to our team.