The managed service provider (MSP) Nero Consulting just got a shiny, new button.
When an end-user wants to install an unsanctioned application—say, Dropbox—the “Admin by Request” tool pops up on their screen to ask why. Integrated into Teams chat, the tool allows CEO Anthony Oren or IT specialist Roman Shain to grant or deny permissions based on the response.
“If it’s not valid, we’ll actually ask you to give us more business-case reasoning,” said Oren.
The button reflects the balancing act that security pros make when addressing the shady challenge of shadow IT, aka unapproved assets. Shadow IT teams, however, often produce brighter results than their murky name implies, and IT pros are meeting in the middle, somewhere between total “deny” and total “approve.”
“You want those ideas from every employee to come to the forefront, and you also want operations to move at the speed they need to move. So, even if it does mean IT departments need to be more lenient on their policies, I think that’s really important,” said Olivia Montgomery, associate principal analyst at Gartner.
Come out, come out, wherever you are. A March survey from asset-intelligence vendor Sevco Security uncovered home laptops and personal devices connecting to corporate productivity tools like Office 365.
Seventeen percent of the study’s IT assets accessing corporate networks did not appear in enterprise sources, like directory services or mobile device managers (MDM), which push security policies to network-connected devices.
According to Pew Research, 35% of employees who can work from home do, which means more devices and precious company data outside a controlled network perimeter.
Read more here.—BH
Do you work in IT or have information about your IT department you want to share? Email [email protected].
Quick, look at your data. Like, really look at it.
Companies and organizations with an interest in data retention management have a lot of options for how to take care of their information, but no clear defining standard. That’s the kind of thing that makes Andrea Simmons, a data-management consultant based in the UK, sympathetic to teams making decisions about their data.
“If something goes wrong, you’re going to need to have records,” she told IT Brew, adding, “If you’re gonna have to rebuild your business, then the difficulty there is you need everything from your incorporation documents at the start of the business, which could be 20-plus years old, and your current contract, and what you [are] supposed to be working on.”
Conflicting advice. There’s no universal standard to how long to keep data or why, and companies and organizations may have multiple reasons to keep data longer than necessary.
Simmons sees the issue of retention as, broadly, split between operational and legislative concerns. The latter has a “plethora of available signposting as to how long you should be keeping stuff” that can be confusing. But some basics are there for a reason.
“You can’t go wrong if you retain core business records for seven years, because it’s usually six-plus-one from a financial standpoint,” she told IT Brew.
Logan Rohde, an analyst with Info-Tech Research Group, said that while seven years isn’t a standard, it’s a general recommendation that is going to “keep you compliant enough to avoid problems on that side, and keep you on the right side of data risk on the other.” Ultimately, it’s a bit of smoke and mirrors, he told IT Brew, because there’s no one-size-fits-all solution.
Keep reading here.—EH
Plug it in, plug it in. Or not. The FBI is warning that using public USB charging stations could result in malware or spyware being installed on your device.
The agency’s Denver office made the announcement in a tweet on April 6.
“Avoid using free charging stations in airports, hotels, or shopping centers,” the tweet reads. “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.”
The tactic, known as “juice jacking,” utilizes USB cables left at public charging stations to implant malicious software and/or spyware on the devices of unsuspecting consumers.
Despite the dire warnings, this isn’t a new concern. The FBI told Axios that an FCC consumer warning was issued in 2021 about using charging ports, “such as those found near airport gates, in hotels, and other travel-friendly locations.”
“Malware installed through a dirty USB port can lock a device or export personal data and passwords directly to the perpetrator,” the FCC warned in 2021, according to Axios. “Criminals can use that information to access online accounts or sell it to other bad actors.”
The FCC advised that users should avoid USB chargers and use power outlets with their own charging equipment and batteries instead.—EH
Today’s top IT reads.
Stat: 1.3 million. That’s how many spam comments Techdirt’s Mike Masnick says the site’s algorithms have blocked in the last six months thanks to Section 230, legislation that SCOTUS is currently debating. (Techdirt)
Quote: “PBS stopped tweeting from our account when we learned of the change and we have no plans to resume at this time.”—A PBS spokesperson, on Twitter’s decision to label it “government-funded media” (The Daily Beast)
Read: Ethics and safety teams at tech firms are being chopped left and right. (CNN Business)
- Amazon is getting into generative AI with Bedrock, a platform to build AI apps off pretrained data sets.
- Botnets are switching from IoT to vulnerable VPS servers.
- Top software vendors saw sustained year over year growth, despite uncertainty.
- OpenVMS, the 46-year-old enterprise OS, got a new hobbyist licensing scheme.