Perhaps you’re not aware, yet one of the simplest ways to access your networks is sometimes thought to be the help desk.
Security professionals frequently cite help desks as a company’s top security weakness because the majority of help desk staff lack the training to recognize social engineering attempts. They are merely carrying out their activity and assisting in problem-solving for your users. A help desk agent has been the subject of fraudulent phishing attempts more frequently than you’d like to think.
Why not an accounting or human resources department member who might have easy access to confidential data instead of a help desk technician?
Because a help desk technician probably has access to all the information about your users. To help you with computer problems, they can remotely access your computers. But have you ever stopped considering this possibility: what if someone dialed your help desk while phishing for data or information related to your company? Would the technician genuinely offer to assist the person? Would they require you to pass through several hoops to demonstrate your identity?
When asked for access to individual user PCs, nearly 20% of help desk employees whose employers had phished FAILED to protect company data.
Worse, about 70% of help desks neglect to maintain track of their technicians’ call records and authentication changes. A lot of support desks lack knowledge about the latest system changes. And since they lack adequate documentation procedures, most help desks lack the infrastructure to determine where a breach would have occurred accurately.
Today, I want to discuss some basic security precautions that your help desk MUST do to protect your company from a significant breach in the future.
Keep track of help desk calls; otherwise, you won’t know when a caller is attempting to pry for information and won’t be able to determine whether a help desk call may have led to your breach. It is essential to monitor help desk calls for security concerns and give your help desk employees input on handling calls. Be aware that social engineers will employ various techniques to damage your technician, including screaming, sobbing, and coaxing. The key to ensuring that your team won’t crumble under pressure—or at least to assess whether your technicians are adhering to your defined call-handling process—is identifying where they are weak.
Use phones made for call centers; having specialized equipment makes it simple for technicians to record calls and replay consumer interactions after a call has concluded. Having the proper phone system could aid employees in resolving the security issue before it becomes an uncontrollable breach if the technician had been the victim of social engineering.
Communicate the Help Desk’s Role in Updates—By keeping in close contact with your help desk staff, you can make sure that they are aware of potential user issues before a call comes in. Your help desk will be better able to predict how to assist users and be more prepared to spot fraud if they are aware of any modifications to your system.
Call Them Back: It’s a good idea to call users back on a recorded line when they call in to request network credentials, permission modifications, or even changes to their passwords. This will confirm that your technician is speaking with the correct individual. Your system’s caller ID might not be sufficient because con artists are tricky and may hide their phone numbers.
Despite what might seem like plain sense, many help desks fail to log suspicious activity because they lack a procedure for documentation that ensures that ALL calls are logged and recorded.
Evaluate Technician Performance: Help desk supervisors need to be attentive to monitoring technician performance all the time. They should keep an eye on calls and give prompt feedback. Managers add a layer of protection to prevent social engineering because they typically have more experience than technicians. You should anticipate that a knowledgeable manager familiar with both would keep an eye on your help desk to ensure quality assurance.
You could assume that your technicians would know better and be able to distinguish between a user and a fraud. Still, absent established procedures, you might be startled to learn that they first confirm the user’s identification before giving them card-blank access to your most sensitive data. You NEED SAFE, professional help desk assistance.
Can you wait to strengthen your help desk security until your help desk is phished and your business data is compromised? For a help desk security assessment, get in touch with the best help desk providers today.
