By William Thackray
Hybrid working boosts morale and efficiency, but it also introduces hidden risks for professional services. Data drift, fragmented communication, and shadow IT threaten security, compliance, and accuracy. To manage these challenges, firms must strengthen governance, simplify tools, enforce centralised data practices, and embed safe digital behaviours across the hybrid workforce.
Approximately three-quarters of UK businesses now use a hybrid working model. It’s a move that was instigated by the pandemic, but continued because it seemed to carry so many advantages. It’s cheaper for businesses and popular with staff, boosting productivity as well as employee retention and attraction. But it also carries risks, many of which are only just becoming clear, including the looming problems of shadow IT and data drift.
The lesser-known business risks of hybrid working
There are a whole range of arguments supporting hybrid working, but the problems it brings are rarely discussed. When employees split their time between the office and home, working practices become harder to manage. Staff use a wider variety of devices, networks, tools, and workflows, which means that the carefully formulated security protocols that work beautifully within the office environment begin to falter. And for professional services businesses, where sensitive client data forms the backbone of daily operations, the problem is magnified even further.
With hybrid work, every transfer of a document, every shared message, and every downloaded file becomes a potential point of leakage. A small misstep – a report saved locally instead of to the cloud, or a spreadsheet shared through a personal app – can introduce risks that leadership teams may not detect until a serious breach, complaint, or audit failure occurs.
Hybrid work isn’t creating poor behaviour; it is amplifying pre-existing habits that were once easier to contain within a controlled environment.
The Problem of information drift
One of the biggest and least acknowledged issues associated with hybrid work is information drift. This happens when data gradually spreads across multiple applications, storage locations, and devices—becoming fragmented, inconsistent, or hard to govern.
Information drift typically emerges in three key ways:
Inconsistent storage habits
When you’re working remotely, it’s easy to save documents in local folders. Even with cloud platforms like SharePoint and Google Drive, if you’re working offline, your own hard drive is more convenient. And that’s how documents and updates get lost or duplicated, causing future confusion.
Multiple communication channels
With accountability being such an important feature of contemporary business, communication also needs to be tracked. And for hybrid teams, conversations tend to be scattered across platforms, leading to lost instructions and poor project audit trails.
Tool sprawl and shadow IT
When workers lack the right tools – or don’t know how to use the approved ones – they start adopting their own. This might be a personal cloud drive, a free file-sharing service, a design app, or a note-taking tool that bypasses corporate controls. Individually, these choices seem harmless. Collectively, they create an unmanageable web of unofficial data locations that no central policy can oversee.
Shadow IT isn’t deliberate or malicious; it’s convenient. People use the tools that work for them. Unfortunately, that tends to create blind spots in data governance, security monitoring, and compliance.
What IT leaders can do to prevent data drift
Technology leaders now face the challenge of enabling hybrid work without letting it erode security or operational consistency. Key steps include:
Provide a single source of truth
IT teams must make it both mandatory and frictionless for staff to store and retrieve documents from approved systems. This involves designing intuitive folder structures, strong search functions, and integrated workflows that reduce the need for offline storage.
Implement modern data loss prevention tools
DLP solutions can detect when users save files to unapproved locations, download sensitive documents, or use untrusted apps. Automated reminders or blocks can stop risky behaviour early.
Reduce friction, not flexibility
Shadow IT thrives when official tools are confusing or inefficient. IT leaders should streamline the tech stack, eliminate redundancy, and ensure employees have user-friendly alternatives that genuinely meet their needs.
Provide clear, human-friendly policies
Many hybrid-work data issues stem from unclear or overly technical policies. When you develop guidance based on realistic scenarios and practical instructions, many of the common problems disappear.
Safe working practices to build into any hybrid model
Because hybrid work is here to stay, businesses must integrate safe data practices into everyday operations. Key behaviours include:
- Use company-managed devices and secure VPNs rather than personal equipment.
- Encrypt laptops, phones, and portable storage.
- Mandate multi-factor authentication across all systems and applications.
- Keep all approved apps updated automatically.
- Centralise communication tools so files and conversations stay within one ecosystem.
- Conduct regular audits of data storage patterns and shadow IT usage.
Encourage staff to report mistakes early, without fear of blame.
Hybrid working isn’t going anywhere, but it does need to change. To remove the risks currently overshadowing many professional services businesses, governance must be a priority. Allowing employees the freedom to work where they work best will always be a positive move. But you must have the operational practices and processes in place to ensure that your business is not compromised in the process.
William Thackray
