Is your IT Help Desk Helping Hackers?

Depending on your technical capabilities, help desk roles can range from last resort options to (in all cases) frequent rescuers. However, service desk professionals have an incredible amount of access to solve problems of all sizes. In many cases, you can view and access confidential systems and information with little or no supervision.

Often this level of access is necessary for service desks to quickly diagnose and troubleshoot problems, but hackers can use help desk service to identify appropriate and primary attack targets through social engineering and other means. Doing so exposes your organization to potential security threats.

In many organizations, help desk technicians generally have a wide range of access rights and extended privileges, but they may not be provided with adequate security training or privileged access control. Also, due to SLA requirements and the speed of modern business, resolution time often needs to be prioritized over "best security practices." Without providing IT help desks with processes and tools that enable them to do their jobs quickly and effectively while complying with security policies, companies can leave this area of ​​their corporate security strategy at risk.

Here are five ways that businesses can ensure that helpdesks do not accidentally help hackers.

Please give your unique advice to you. In the rush mentioned above, where most help desk professionals work, it's easy to forget to always follow best security practices. However, if an organization expects users to follow these rules, IT professionals and help desk technicians must lead the way in fostering a culture that promotes a strong security posture. These include recognizing social engineering attack markers, alerting IT security of suspicious requests for help, hygiene of proper credentials (cleaning and deletion of unused accounts), high value / risk systems. Do not share (or keep in mind) passwords placed on secure channels that include simple and basic rules, such as securing access.

Tighten Password Usage - Even in 2016, many workers store their credentials and passwords on sticky notes or spreadsheets. This includes help desk outsourcing companies professionals who need login lists for multiple systems and share administrator level credentials with other IT staff. Modern password management tools can eliminate this unnecessary risk by using a password vault that stores and rotates credentials and passwords. Others insert credentials in the background to completely hide access to authorized systems from administrators. You can't write invisible things with sticky notes.

Reevaluation Of Help Desk Metrics: Individual performance, service desk performance, or organizational performance metrics can be prioritized for quick resolution to avoid mature security protocols. A typical help desk is primarily determined by metrics like First Call Resolution (FCR), Average Handling Time (AHT), and Customer Satisfaction (CSAT). This could allow help desk technicians to adjust their security protocols to meet these metrics and ultimately cause further damage. How good. To address this, IT leaders (along with their information security peers) must equip their help desks with tools that enable them to access remote systems, solve problems efficiently, and meet company security standards.

Improved Remote Access: Help desks must be compatible with remote employees and IT systems on a daily basis. Unfortunately, many popular remote access methods are insecure and could allow a malicious attacker to gain access to the corporate network and roam undetected for weeks or months. The VPN that has long been used for remote access is no longer a safe option for third parties given the sophistication of today's hackers. As the security landscape evolved, basic VPNs, which provided a free tunnel to the network, became a common goal for attackers to establish themselves on a secure network. Help desks often serve remote users, third parties, and devices, so this is an area where organizations must prioritize. It is imperative to eliminate IP-enabled grappling hooks within the business and instead employ a solution that leverages broker connections to enable tiered control, monitoring, and recording.

Support Session Tracking: IT support has changed dramatically in recent years. System management and ticketing are as important to the IT service desk as before, but incident resolution is becoming more complex. Technical support requires a help desk solution with cross-platform capabilities to connect and work with desktops, laptops, and mobile devices running almost any operating system. What your staff can access, view, and do during these remote support sessions should be controlled by granular permissions and workflow approvals, as needed. Additionally, organizations must capture a full audit trail of all remote support activities to meet industry standard internal and external security guidelines.

Help desks must grant access to enable and support their businesses without compromising security. IT and security leaders must work together to ensure that access and security do not conflict, but work together to increase overall productivity.