How MSPs can reign in pandemic-fuelled shadow IT

grafitti of a spy on a wall

Remote working has become the norm rather than the exception for many over the last 12 months. It’s a trend that’s not going to go away either, with over 82% of UK businesses admitting they’re considering changing future working practices to allow more staff to work from home - even once COVID-19 restrictions ease.

Managed Service Providers (MSPs) will likely have several clients who need to rely on outdated systems to deal with the additional strain brought on by so many staff working from home. These clients are grasping in the dark, and stretched more than ever, giving MSPs the opportunity to offer innovative ways of helping them mitigate the additional risks.

Keeping sensitive data safe and secure

IT teams are struggling to keep sensitive data safe and secure, and there’s never been more data to manage than there is now. In 2018, the global volume of data was 33 zettabytes (ZB), with some projections suggesting that it could balloon to 175 ZB by 2025. As well as untold reputational damage, leaving sensitive data open to attack is likely to be in breach of increasingly stringent regulations, not least of which GDPR. The EU’s data protection regulations are just the tip of the iceberg, however, and each industry has a plethora of its own rules and regulations to adhere to.

The home working trend has left businesses vulnerable because it’s added a huge number of endpoints that weren’t there previously. The bring your own device (BYOD) trend was already fully ensconced pre-pandemic, but this trend has rocketed in the past 12 months. Staff are now using work laptops and mobiles in record numbers to order their groceries and speak to friends online, for instance.

IT teams can’t manage what they can’t see. These devices are now likely to play host to a multitude of apps that haven’t been vetted. Even before the pandemic, one survey found that on average, most organisations believed they had only 30 to 40 apps running on their network when in reality that number was more than 900. As the lines of home and work life continue to blur, the propensity for shadow IT has only increased.

This isn’t the time to be cutting corners

Since lockdown began, there has been a sharp increase in the number of ransomware attacks, with the damage caused potentially severe and widespread. Back in 2017, the largest ransomware attack to date, WannaCry, was estimated to have affected more than 200,000 computers across 150 separate countries.

Our own research found that one-in-five (21%) businesses experienced a ransomware attack, and of those, over a quarter (26%) couldn’t access any working backup after the attack. Even when organisations could access a working backup, 22% of them could either only restore a partial amount of their data, or none at all.

The stark reality is that without adequate backup systems and incident response capabilities, small businesses and public institutions can become easy targets. Unlike large corporations that often have the funds and resources to protect themselves, it's an entirely different matter for smaller businesses trying to navigate the challenges of managing a remote workforce and operating with potentially outdated or vulnerable systems. That’s where an MSP can come in.

Email, company presentations, confidential documents, and customers’ bank details are all being accessed from our homes on a routine basis. Employees have been working under a completely different set of parameters; ones where new security risks are high and where cyber criminals are finding new ways to exploit any weaknesses they can find. Whilst these are uncertain times for businesses, it is far from the time to be cutting corners.

Ransomware today is rife and has been exacerbated by the current work-from-home trend. MSPs need to ensure their clients have the tools and processes in place to mitigate the impact of any cyber-attack and protect sensitive data. It should also be best practice to regularly revisit any existing disaster recovery plans and ensure that all eventualities have been accounted for.

Mikey Anderson is the global channel marketing manager at Ontrack