If you think phishing emails or weak passwords are your agency’s biggest cybersecurity risk, think again.
There’s another silent threat operating behind the scenes – and chances are, your team is unknowingly feeding it.
It’s called Shadow IT, and it’s a growing problem in Salt Lake insurance firms. When your team uses unauthorized apps or software without your IT provider’s approval, they’re not just creating productivity shortcuts. They’re opening the door to security vulnerabilities that can expose client data, violate compliance, and even allow malware into your network.
What Is Shadow IT?
Shadow IT refers to any tech tool your agency uses that hasn’t been approved or secured by your IT team. Common examples in our industry include:
- Producers using personal Dropbox or Google Drive accounts to store policy docs.
- CSRs installing Slack or Trello to manage tasks without your IT team's knowledge.
- Staff using WhatsApp or Telegram to send client info outside your AMS.
- Marketing teams testing AI content generators or social scheduling tools without verifying security.
Why Is Shadow IT So Dangerous for Insurance Agencies?
- No Visibility Means No Control
If your IT provider (like us at Qual IT) doesn’t know an app exists, we can’t secure it, monitor it, or update it.
- Sensitive Data May Be Unprotected
Unapproved apps often bypass encryption and data retention policies. That means client PII, policy info, and internal reports could be floating around unsecured.
- Compliance Risks
If you're storing sensitive data in unapproved tools, you could be violating SOC 2, HIPAA, or Utah data privacy laws without realizing it.
- Increased Malware Risk
Malicious apps disguised as productivity tools are on the rise. Once installed, they can hijack systems, deploy ransomware, or steal login credentials.
- Your MFA and Firewalls May Not Help
Most shadow tools don’t support multifactor authentication or corporate firewall protections. One breach can cascade across your agency.
Why Employees Use Shadow IT
It’s rarely malicious. Most of the time, your team just wants to move faster, stay organized, or test something new. But that curiosity comes with a cost.
Take the recent "Vapor" app scandal: over 300 malicious apps were downloaded more than 60 million times. They posed as utilities and lifestyle tools but were actually adware and data thieves. This shows just how easily unauthorized apps can compromise your network—even if employees downloaded them with good intentions.
How Salt Lake Insurance Advisors Can Fight Shadow IT
- Build an Approved Tech Stack
Create and share a list of vetted, secure apps for your team to use. Keep it updated and relevant to insurance workflows.
- Limit App Install Permissions
Lock down who can install new software. Ensure your MSP (like Qual IT) approves any new tools before they’re used.
- Educate Your Team
Don’t just say "No." Explain why certain tools are off-limits. Help staff understand the risks and the alternatives you provide.
- Monitor for Rogue Apps
Use network monitoring and endpoint tools to detect unauthorized software before it becomes a problem.
- Invest in Endpoint Security
Qual IT offers Salt Lake-specific endpoint security tools that detect, log, and respond to unauthorized software use in real time.
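One way to carry out the "Monitor for Rogue Apps" step, shown as an added example that is not Qual IT's tooling or part of the original article: it checks DNS query logs against an approved app list and reports, per workstation, which unapproved apps were contacted. The log format, host names, domain-to-app mapping and approved list are constructed assumptions.

```python
from collections import defaultdict

# Assumed mapping of DNS suffixes to apps named in this article (illustrative, not exhaustive).
APP_DOMAINS = {
    "dropbox.com": "Dropbox",
    "drive.google.com": "Google Drive",
    "slack.com": "Slack",
    "trello.com": "Trello",
    "whatsapp.com": "WhatsApp",
    "whatsapp.net": "WhatsApp",
    "telegram.org": "Telegram",
}

# Hypothetical approved tech stack for the agency.
APPROVED_APPS = {"Slack"}

# Constructed sample DNS log lines (the format is an assumption).
SAMPLE_LOG = """\
2025-01-06T09:12:01Z host=csr-04 query=api.trello.com
2025-01-06T09:12:07Z host=csr-04 query=trello.com
2025-01-06T09:13:44Z host=producer-02 query=www.dropbox.com
2025-01-06T09:14:02Z host=producer-02 query=notdropbox.com
2025-01-06T09:15:30Z host=mktg-01 query=app.slack.com
2025-01-06T09:16:10Z host=csr-04 query=web.whatsapp.com
malformed line without fields
"""

def classify(domain):
    """Return the app name for a queried domain, or None if it is not a known app."""
    domain = domain.lower().rstrip(".")
    for suffix, app in APP_DOMAINS.items():
        # Match the suffix itself or a true subdomain, not a look-alike such as notdropbox.com.
        if domain == suffix or domain.endswith("." + suffix):
            return app
    return None

def find_shadow_it(log_text, approved=APPROVED_APPS):
    """Map each host to {unapproved app: number of queries seen}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
        host, query = fields.get("host"), fields.get("query")
        if not host or not query:
            continue  # skip lines that do not parse
        app = classify(query)
        if app and app not in approved:
            hits[host][app] += 1
    return {h: dict(a) for h, a in hits.items()}
```

DNS logs show which service a workstation contacted, not whether a personal or company account was used, so a hit is a prompt for a conversation with the user rather than proof of a policy violation.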
Don’t Let Shadow IT Undermine Your Agency’s Security
In the insurance industry, trust is everything. One data breach caused by an app your IT provider never even knew existed? That could be the end of it.
Let’s get proactive.
Start with a FREE Network Security Assessment from Qual IT. We’ll help you uncover hidden vulnerabilities, identify shadow tools, and tighten your cybersecurity before it costs you.
Securing Salt Lake's insurance advisors,
Austin McDonald
Cybersecurity & IT Partner to Salt Lake Insurance Firms
Qual IT