In the era of multi-device BYOD work environments, employees find it easier to install software at their own discretion, bypassing company policies. In this complex technological landscape, the issue of shadow IT begins to surface, posing unexpected risks for companies. Shadow IT refers to employees using software that hasn’t been sanctioned by IT, whether intentionally or not.
In this article, we will examine the case of a Singapore-based medical supplies company, Inzign Pte Ltd, which suffered a substantial financial penalty because of a single employee’s use of pirated software.
Below is an account of the recent court proceedings against the company. It highlights the need for companies to instill a shadow IT policy, monitor employee usage of third-party software, and employ best practices to manage the risk of pirated software.
In March 2023, an employee of Inzign Pte Ltd, Mr. Win, decided to install a piece of pirated software on a company computer. The program in question was NX Software, used for computer-aided design, manufacturing, and engineering. Even though the company owned licenses for three of its modules, the employee decided to download and install a pirated copy.
Mr. Win’s first attempt was unsuccessful due to the administrative controls installed on the computer. However, on a second attempt, he managed to obtain a company laptop from the toolroom nearby. Discovering that he was able to install NX software on the laptop, he proceeded to do so and used the unlicensed, pirated software on multiple occasions.
The distributor of the software, Siemens Industry Software Inc., discovered the use of unlicensed software and initiated legal action against Inzign.
High court ruling
Despite the company not authorizing the use of NX Software, the Singapore High Court held Inzign vicariously liable for the employee’s actions. It was found that the company’s lax supervision and mismanagement of the laptop allowed the opportunity for the infringement, Lexology reports:
“The Court observed that the Defendant may have been negligent in the implementation of its anti-software piracy policy and in the conduct of its operations. The Court noted the Defendant’s weak anti-software piracy policy, its poor communication of this policy to Mr. Win, its recklessness in managing the Laptop, and the free access to premises granted to Mr. Win.”
The employment relationship and the loose control over access to IT equipment and software were cited as primary reasons for the court’s ruling. As a result, Inzign was sentenced to reimburse copyright infringement damages of S$30,574 to Siemens.
What can we learn?
This court case underscores the importance of implementing comprehensive policies and procedures to prevent unauthorized use of software. This includes having an anti-software piracy policy, effectively managing IT equipment, restricting access to such equipment, monitoring employee activity, and regular training regarding copyright and unauthorized software usage.
In addition, streamlining the process of obtaining software that employees need to perform better, can help reduce the use of shadow IT. When people are able to quickly gain access to the tools they need, with the help of IT, they will not be tempted to install third-party software on their own.
How Vaultry helps
Vaultry helps you to monitor all of the devices on your systems for shadow IT. It alerts you to its presence immediately, allowing you to remove it before it embeds in your network. This means you avoid a situation like Inzign faced because you will have a clear, real-time view of the software installed on company devices across your network.
Get started with Vaultry today to protect your business.