The Impact of Unauthorized Software Installations
On average, one out of four employees has installed software on their business computer that was not approved by the IT department. This is not necessarily a malicious action – oftentimes, the employee himself is unaware that his actions can cause considerable damage to the company.
Consequences can be steep for companies found to be using unlicensed software, ranging from a criminal complaint or thousands of dollars in compensation to injunctive relief, a comprehensive obligation to provide information and, in case of repeated offenses, a fine that can reach millions of dollars. These consequences come on top of the cost of purchasing the missing licenses.
In many companies, there is no formal approval process for getting new software installed, and employees have almost unlimited admin rights on their business computers. Some software apps and browser plug-ins, such as those for teleconferencing, don’t even require admin rights to install. As a result, unauthorized and non-business software quickly enters the corporate network without the IT department and software manager being aware of it.
Let’s assume an employee has an urgent deadline to meet but doesn’t have the appropriate software for the task. Rather than go through an annoying and time-consuming approval process, an easier and faster way to get the software is to simply download it. However, he’s probably not considering whether this software is allowed to be used for business purposes at all, or whether the internet source he downloaded it from was trustworthy.
In another example, an end user does go through the official approval process to get new software, but his request is rejected due to cost. Because he absolutely wants to use this software for his work, he just installs his personal version on his business computer. Even if he has no installation rights, he can still use the software at work with the help of a portable app. However, using personal software for business purposes is usually illegal, as it’s not permitted by the licensing terms.
Some of the unapproved or unknown software types that are risks for your company include:
- Portable apps that allow employees to use private or non-commercial software on company PCs without needing administrative rights -> Compliance risk
- Open Source Software that is often only allowed to be used to a certain extent for commercial purposes, e.g. in context with software development -> Compliance risk
- Freeware that is free of charge for private purposes, but needs to be licensed by companies, e.g. IrfanView, Winzip -> Compliance risk
- Peer-to-peer applications that can be used to exchange corporate data with people outside the company -> IT security risk
- Illegal downloads that often contain “additional code”, e.g. Trojans, viruses or spyware -> IT security risk