Skip to main content
Blog

How to avoid shadow IT when your communication tools fail

Reading time: 5 minutes

When the primary communication platform fails, staff often resort to personal accounts and improvised workarounds – so-called ‘shadow IT’. This ill-considered pragmatism poses risks to your organisation’s security and reputation. In our article, you will learn what the practical dangers of shadow IT are and why reliable emergency communication is a fundamental prerequisite for business continuity and reputation.

mailbox EVAC Blog Schatten-IT als Notfalllösung vermeiden

What shadow IT is and why an IT failure exacerbates it

Shadow IT refers to the use of applications, services and accounts that have never been officially authorised. These might include a private email account, a messenger group set up on the spur of the moment, or a free file-sharing service for quick file exchanges. It becomes established unobtrusively in day-to-day working life, usually with the best of intentions and out of a desire to remain able to act in exceptional situations.

In the event of an acute crisis, however, the phenomenon intensifies dramatically. As soon as the central communication platform fails, numerous employees simultaneously begin to improvise – each using the first available channel. In such a situation, employees’ behaviour is fundamentally understandable: pragmatic, solution-oriented and, in the best sense of the word, committed. Yet within hours, these convenient shortcuts turn into an uncontrolled patchwork of parallel, unreliable and insecure communication channels, in which information security and data protection are the first casualties.

GDPR and information security: Invisible risks

At a technical level, the consequences of using shadow IT are severe. Customer data and confidential documents are sent unencrypted via private email accounts over which the company has neither access nor control. This is a clear breach of the requirements of the GDPR.

When shadow IT is used, data flows without proper traceability, without being backed up and without a regulated deletion process. Sensitive data may be transferred via the cloud to foreign jurisdictions – with unknown implications for data access rights by foreign authorities.

At the same time, the organisation loses track of which channel is actually the official one. Information thus becomes fragmented across an unknown number of private accounts.

Attackers are well aware of this pattern of behaviour. They know that, following a publicised IT failure, people tend to improvise, and that in the resulting confusion, hardly anyone checks the actual source address of a message. It is precisely this state of emergency that provides the ideal breeding ground for phishing, CEO fraud and identity theft. Cyberattacks or technical glitches therefore not only weaken defences but actively open up new vulnerabilities.

Damage to reputation: The most lasting effect is felt by the recipient

In a crisis situation, the recipients of the communication suffer damage that is often overlooked in the heat of the moment. It is worth shifting perspective: a business partner receives a message from an unknown private email address, accompanied by a request to return confidential contract documents to that very address.

How is he supposed to assess its authenticity? What will they make of this strategy? And what consequences will this have for the future business relationship? At best, the process appears disorganised and unprofessional. At worst, it resembles the very type of fraud that their own IT department regularly warns them about.

Every message improvised in this way conveys an unspoken message: this company does not have its processes under control. And this, of all times, during a crisis – precisely when customers, partners and authorities are scrutinising matters particularly closely and reliability is of the utmost importance. Trust that has been built up over many years suffers measurable damage at such moments.

Communicating confidently despite a system failure

A system failure scenario can also be approached differently: The primary communication tool has also failed, but staff communicate via a familiar and recognisable business address using their own company domain.

The key element is the use of a standardised, organisation-wide communication platform and the company’s own domain. A company’s own domain can be technically verified, it forms part of the brand and acts as an anchor of trust in external communications. Those who continue to communicate under their own name during an outage do not merely appear professional in spite of the crisis, but are all the more convincing precisely because of their confident handling of it.

How to recognise a reliable emergency solution

A prerequisite for communicating without losing trust in an emergency is a secondary communication platform that can be deployed immediately. Three characteristics determine whether such a solution will hold up in an emergency or whether it itself becomes a risk:

1. Complete independence from the primary infrastructure

An emergency solution operated on the same infrastructure or by the same provider as the primary IT system is highly likely to fail alongside it in an emergency. A ‘backup mailbox’ as an additional tenant within the same system does not provide a robust solution.

True independence means separate infrastructure and an independent operator. The secondary communication platform must not depend on the very system whose failure it is intended to compensate for. Only this consistent separation creates a resilient fallback option and thus a viable component of Business Continuity Management (BCM).

Business Continuity Plan in accordance with BSI Standard 200-4

Blog mailbox EVAC Business Continuity Plan according to BSI Standard 200-4 BCM for SMEs

2. Verified reliability in information security and data protection

In an incident, an emergency platform processes the most sensitive data of all, such as ongoing customer communications, contracts or internal coordination under time pressure. It would be negligent, in this context of all things, to rely on a solution whose security level is merely claimed.

Verified reliability therefore means: confirmed by independent third parties, not merely assured by the provider. Recognised evidence such as the BSI C5 certificate or ISO 27001 certification demonstrates that information security is implemented in accordance with defined standards and is subject to external audits. In data protection, what counts is demonstrable GDPR compliance, including transparent statements about where and under which legislation data is processed.

This aspect not only provides technical protection but also delivers evidence that you can present to customers and partners. In the wake of NIS-2, robust security evidence is increasingly being demanded throughout the supply chain, even by companies that are not themselves subject to their national NIS-2 Implementation Acts. Verified reliability and business continuity are thus becoming a competitive advantage.

3. Digital sovereignty as a strategic prerequisite

An emergency solution should reduce dependencies, not create new ones. Anyone who, in an emergency, switches to a platform subject to a foreign jurisdiction – where data flows remain opaque or the terms of use can change at any time – is merely replacing one risk with another.

Digital sovereignty means retaining control over one’s own communications. Essential to digital sovereignty are hosting exclusively in Germany or the EU, data processing verifiably in accordance with European law only, open standards rather than vendor lock-in, and an operator that refrains from advertising, tracking and the monetisation of data.

Particularly when, during a crisis, so much lies beyond one’s own control, at least the emergency channel must remain entirely in one’s own hands. In the current debate on technological independence, digital sovereignty has long since become a strategic criterion.

When choosing your secondary communication platform, ensure that it is independent, verified, reliable and digitally sovereign, and that it allows communication under your own domain.

 

mailbox was developed specifically to meet this set of requirements EVAC: A professional communication and collaboration platform that runs in the background and can be activated at the touch of a button in an emergency.

Conclusion: Proactive planning means professionalism and resilience

Resorting to shadow IT is, in principle, an understandable response in emergency situations. So offer your staff a better, reputable, secure and reliable alternative.

Those who have a contingency communication plan in place protect two things at once: data and reputation. Reliability and composure in a crisis are the result of thorough preparation. And this becomes immediately apparent at the crucial moment: in every message that remains professional and trustworthy even if the primary platform fails.

How can your business remain operational in an emergency?

EVAC Button