5 Ways the Help Desk May be Hurting You
Aptly named, a company's help desk is primarily focused on resolving technology issues so the business as a whole can function successfully. Despite the best of intentions, however, help desks can put the company at risk by using legacy tools, shared passwords and incomplete security practices.
Fri, February 08, 2013
Network World — Aptly named, a company's help desk is primarily focused on resolving technology issues so the business as a whole can function successfully. Despite the best of intentions, however, help desks can put the company at risk by using legacy tools, shared passwords and incomplete security practices.
The start of a new year is a great time to examine these issues, so IT leaders can ensure their help desk is better positioned to help, and not hurt, the company in 2013. Here are five things to guard against.
[ RECOVERY: The worst IT addictions (and how to cure them) ]
* Using outdated remote access tools: As more and more employees work from remote locations, help desks are increasingly depending on remote access tools to get into and fix systems. Unfortunately, many support organizations still rely on legacy remote access tools such as RDP, VNC or Dameware to fix remote computers over the Internet, opening the company to a potential data breach in the process.
According to Verizon's 2012 Data Breach Investigations Report, unsecure remote access tools accounted for 88% of all breaches leveraging hacking techniques. This is up from 71% in 2011 and 34% in 2010. Most help desks are working with limited budgets, but upgrading their remote access tools to a modern, secure solution is a small price to pay to protect the organization from hackers. It's time for organizations to wake up to the serious risk these legacy tools pose and make 2013 the year these attacks take a downward trajectory. [Also see: "Data breach? Blame your third party's remote access systems"]
* Sharing generic passwords: On the topic of remote access tools, some help desks use solutions that only offer named licenses. To maximize their investment, these organizations often share licenses using default logins -- Tech01, Tech02, and so on -- resulting in no record of who is accessing what systems, and what they're doing once they're in.
Additionally, these generic logins often remain unchanged as employees come and go, opening up the possibility that an ex-employee could access your entire network. Instead of buying a license for each individual, look for solutions that allow you to use concurrent licenses with individual logins. Even better if those logins can be tied to Active Directory so you can manage them centrally, and they're automatically shut off when an employee leaves. [Also see: "Admin Passwords are the Achilles Heel of Security"]
* Focusing on the same old metrics: Help desks are traditionally structured around metrics such as First Call Resolution (FCR), Average Handling Time (AHT), etc. In the quest to meet SLAs, support reps often use whatever tools will get the job done quickly. Being incentivized based solely on these metrics, and not on things such as security, means the help desk is often using free products or solutions designed for the consumer industry that -- while they may help with FCR -- don't meet security measures required by the enterprise. To address this issue, IT leaders need to equip their help desks with tools that will allow them to resolve issues efficiently, while also meeting company standards.