Risks Posed to Law Firms by Shadow IT

It has become easier than ever for lawyers to bypass IT protocols to enhance efficiency and effectiveness. A firm’s IT department sets out these protocols to address challenges associated with the rise of technological platforms and hardware. These stringent rules can then become overly restrictive, causing employees to use unauthorized devices to get around those rules. The result of this is what’s called Shadow IT: the use of technology not formally approved of or supported by a business’s IT department.

At Circle Management Group, we consult firms on legal practice software and guide implementation. Contact us for more information.

What is Shadow IT and why do lawyers use it?

Shadow IT is the use of unauthorized technological platforms and hardware by employees. The use of Shadow IT in business is nothing new but has been exacerbated by the rise in the pervasiveness and capabilities of technology coupled with so many work-from-home arrangements in recent years.

Experts estimate that 40% of all IT spending at a business constitutes unauthorized technology. It’s important to note that the use of Shadow IT is not necessarily malicious. In fact, 77% of surveyed professionals believe that the use of Shadow IT could be beneficial for their business.

No doubt, if provided the opportunity, human beings, on the whole, tend to take the path of least resistance. This may explain the prevalence of Shadow IT in the legal environment, in that it’s mostly driven by the need for productivity, efficiency, and effectiveness. Lawyers are working under constant time pressure and client demands, making the use of Shadow IT an attractive alternative.

Examples of Shadow IT that may be used in a law firm include:

  • Third-party Software-as-a-Service (SaaS) cloud computing applications
  • Public cloud services such as Google Drive or Google Docs
  • Productivity tools such as Slack or Trello
  • Personal messaging platforms such as Zoom or Gmail for work-related communications

Risks posed by Shadow IT

The use of Shadow IT poses many risks to law firms. Read on as we break down these risks.

Security risks

Cybersecurity threats constitute the main risk with using Shadow IT. The job of an IT team is to account for different technological devices and set security measures and protocols for these. This becomes difficult when unprecedented amounts of technologies are being used. The different technologies all represent a possible point for information security vulnerabilities—potentially leading to data loss, application damage, theft of information, or the introduction of malware and other threats.

Compliance issues

Law firms are required to comply with specific requirements and regulations. Compliance with certain standards is regularly monitored and reported, including technology compliance. When Shadow IT is prevalent, it becomes harder to ensure compliance with specific standards.

Keeping Track

In a legal environment, all client data and information must be able to be accounted for. When employees add new technological devices at a whim, the authorized software becomes difficult to track.

Lost Data

Firms risk losing access to essential data and information when they’re stored through Shadow IT. This is particularly so when a lawyer who dealt with the information leaves the firm. The information can become quickly estranged or access to platforms can become disconnected.


Shadow IT systems are unaccounted for in a firm’s cost and resource analysis. If one of these systems becomes a critical part of the firm, the cost incurred by using it may become unjustifiably high. This is a common problem with certain SaaS applications, such as cloud storage.


A firm may have to change its practices to fit with a new platform or device. This is much more of a difficult process than incorporating the technology in the business plan from the start.

The Bottom Line

Little incentive for outright prohibiting Shadow IT exists as lawyers tend always to seek out solutions that improve their work efficiency. And Shadow IT does tend to heighten efficiency and effectiveness in a firm — until it gets out of hand.

The best way to mitigate the risks of Shadow IT is to encourage enhanced communication around its use. Lawyers must be transparent about their use of technology and in turn, IT departments must remain vigilant and continue to educate users on its potential risks. Only then will firms create a safe technological domain that enhances efficiency and innovation for all lawyers.

The use of Shadow IT is here to stay, so partnering with a trusted advisor is the best way to understand the risks associated with technology use. At Circle Management Group, we’re loyal and trusted advisors who partner with firms to educate on and help firms implement legal practice software. Contact CMG today for a Technology Audit and Needs Assessment for your firm.

Leave a Reply

Your email address will not be published. Required fields are marked *