The primary role of an organization’s IT help desk or service desk is to support end users experiencing computer or technology issues. As the first point of contact for employees, its goal is to resolve technical problems quickly and minimize disruption to their work. Help desk team members also play a critical role in your overall information security program: they can educate employees on security best practices and reduce the risk of human error.
The help desk can:
- Troubleshoot common technology issues
- Help end users understand and effectively implement security tools
- Communicate cybersecurity best practices for securing devices and data
- Provide support for incident response/incident management
Unfortunately, the help desk staff themselves may also be targets for cyber attackers attempting to gain access to organizational systems or sensitive data. Help desk employees should have clearly defined processes for responding to user support requests and receive training on how to identify and prevent potential social engineering attempts.
Cybercriminals frequently target help desk staff by posing as authorized users who have forgotten their login credentials, often requesting account details or password resets. If helpful employees comply without verifying the caller’s identity, they risk compromising the user’s account and sensitive information. With the implementation of multi-factor authentication (MFA), it has become more difficult for attackers to access systems with only a stolen login ID and password. However, they continue to find new ways to circumvent MFA, such as deceiving help desk personnel into issuing temporary MFA tokens or registering new MFA devices.
Help desk staff should receive training on the importance of verifying callers’ identities and on the methods to do so effectively. Implementing clear processes that require a unique identifier, such as an employee ID or the last four digits of an SSN, can significantly decrease the success rate of such attacks. Regular training on how day-to-day support requests are expected to be handled, combined with role-specific security awareness training, will keep team members aware of the types of attacks they may encounter as part of their daily responsibilities.
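The verification gate described above, as an added illustration (not CampusGuard’s code or a real help desk tool): password resets, temporary MFA tokens and new MFA device enrollments are treated as high-risk requests that require a matching employee ID plus a completed callback to the phone number on record, and every high-risk decision is written to an audit log so repeated failed attempts against one account can be spotted. The directory record, account name and phone number are constructed sample data.

```python
from dataclasses import dataclass

# Request types named in the article; anything that grants access is HIGH risk.
# Unknown request types fall through to HIGH (default deny until verified).
REQUEST_RISK = {
    "printer_issue": "low",
    "password_reset": "high",
    "mfa_temp_token": "high",
    "mfa_device_enroll": "high",
}

# Constructed directory record standing in for an HR/IdM lookup (hypothetical data).
DIRECTORY = {"jdoe": {"employee_id": "E-10442", "callback_phone": "+1-555-0100"}}

AUDIT_LOG: list = []  # every high-risk decision is recorded for later review

@dataclass
class Caller:
    claimed_username: str
    provided_employee_id: str = ""    # identifier the caller recites
    callback_confirmed: bool = False  # desk called the number on record back

def verify_caller(caller: Caller, request_type: str) -> tuple:
    """Return (approved, reason). High-risk requests need two independent checks."""
    record = DIRECTORY.get(caller.claimed_username)
    risk = REQUEST_RISK.get(request_type, "high")
    if record is None:
        decision = (False, "unknown account")
    elif risk == "low":
        decision = (True, "low-risk request; no identity proof required")
    elif caller.provided_employee_id != record["employee_id"]:
        # Recited identifiers can be harvested, so a mismatch ends the request.
        decision = (False, "employee ID does not match directory")
    elif not caller.callback_confirmed:
        # Knowledge alone is not enough: confirm through the number on record.
        decision = (False, "callback to %s not completed" % record["callback_phone"])
    else:
        decision = (True, "identity verified: employee ID match and callback")
    if risk == "high":
        AUDIT_LOG.append({"user": caller.claimed_username, "request": request_type,
                          "approved": decision[0], "reason": decision[1]})
    return decision

def failed_high_risk_attempts(username: str) -> int:
    """Count denied high-risk requests for one account; a spike warrants review."""
    return sum(1 for e in AUDIT_LOG if e["user"] == username and not e["approved"])
```

Low-risk requests pass with no identity proof, so the gate adds friction only where an error would hand out access.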
Similar to how your teams conduct tabletop exercises for incident response or simulate phishing attacks to gauge employee awareness, regularly testing help desk staff can validate the effectiveness of established procedures and ensure compliance. Engaging a third party to conduct planned social engineering or vishing attempts on help desk staff can be a valuable exercise to identify any gaps in awareness and improve ongoing training and support processes.
As the first line of defense, help desk staff play a key role in keeping systems and information secure and in relaying best practices to end users who reach out for assistance. A well-trained help desk not only reduces the risk of becoming a point of exposure but also fosters a culture of awareness and accountability throughout the organization.
CampusGuard has released a new Help Desk Security training module within the updated 2024 Information Security Awareness training course. If you would like to learn more or request demo access to the available modules, contact your dedicated CRM. You may also consider vishing help desk staff as part of your next annual external penetration test with the RedLens Infosec team!