IT hardware or software is used to handle organisational data without explicit approval. For example, an employee who uses a personal Gmail account for internal or external work-related communications. An infamous example of shadow IT was Hillary Clinton using her own private service for work-related emails. Shadow IT increases the attack surface for hackers and increases the risk of identity theft or accidental data disclosure. While the use of shadow IT might seem totally benign to most users, IT security awareness training can highlight some of its inherent risks.