Frontline Under Fire: Cybersecurity Risks to IT Help Desks

The primary role of an organization’s IT help desk or service desk is to support end users experiencing computer or technology issues. As the first point of contact for employees, the help desk aims to resolve technical problems quickly and minimize disruption to their work. Help desk team members also play a critical role in your overall information security program: they can educate employees on security best practices and reduce and mitigate the risk of human error.

The help desk can:

  • Troubleshoot common technology issues
  • Help end users understand and effectively implement security tools
  • Communicate cybersecurity best practices for securing devices and data
  • Provide support for incident response/incident management

Unfortunately, help desk staff themselves may also be targets for attackers attempting to gain access to organizational systems or sensitive data. Help desk employees should have clearly defined processes for responding to user support requests and should receive training on how to identify and prevent potential social engineering attempts.

Cybercriminals frequently target help desk staff by posing as authorized users who have forgotten their login credentials, often requesting account details or password resets. If helpful employees comply without verifying the caller’s identity, they risk compromising the user’s account and sensitive information. With the implementation of multi-factor authentication (MFA), it has become more difficult for attackers to access systems with only a stolen login ID and password; however, they continue to find new ways to circumvent MFA. They might attempt to deceive help desk personnel by requesting temporary MFA tokens or registering new MFA devices.

Help desk staff should receive training on the importance of verifying callers’ identities and on the methods to do so effectively. Implementing clear processes that require a unique identifier, such as an employee ID or the last four digits of the SSN, can significantly decrease the success rate of such attacks. Regular training on how day-to-day support requests are expected to be handled, together with role-specific security awareness training, will keep team members aware of the types of attacks they may encounter as part of their daily responsibilities.
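One way to turn these process requirements into something a help desk tool could enforce, as an added example that is not CampusGuard's own code or tooling: it checks the caller's employee ID and SSN last four against a constructed HR record, holds MFA-related changes until a callback (an assumed rule the article does not specify), and lists accounts with repeated failed or high-risk requests for escalation to the security team.

```python
"""Help-desk request policy: ID check, risk tiers, escalation list. Added
example, not CampusGuard code; names, callback rule and HR records are assumed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import hmac

DIRECTORY = {"E1001": "4821", "E1002": "7730"}  # constructed: ID -> SSN last four
# Changing how a user authenticates is the MFA-bypass avenue the article describes
HIGH_RISK = {"mfa_reset", "mfa_enroll_device", "temporary_mfa_token"}
STANDARD = {"password_reset", "account_unlock"}

@dataclass
class HelpDesk:
    history: list = field(default_factory=list)  # (time, emp_id, kind, outcome)

    def verify_identifier(self, emp_id, ssn_last4):
        on_file = DIRECTORY.get(emp_id)
        # constant-time compare so timing does not reveal matching digits
        return on_file is not None and hmac.compare_digest(on_file, ssn_last4)

    def handle(self, now, emp_id, kind, ssn_last4, callback_confirmed=False):
        if kind not in HIGH_RISK | STANDARD:
            outcome = "rejected:unknown_request"
        elif not self.verify_identifier(emp_id, ssn_last4):
            outcome = "rejected:identity_unverified"
        elif kind in HIGH_RISK and not callback_confirmed:
            # assumed rule: high-risk changes wait for a callback to the number on file
            outcome = "pending:callback_required"
        else:
            outcome = "approved"
        self.history.append((now, emp_id, kind, outcome))
        return outcome

    def escalations(self, now, window=timedelta(hours=24), threshold=2):
        """Accounts with repeated failed or high-risk requests inside the window."""
        counts = {}
        for t, emp, kind, outcome in self.history:
            if now - t <= window and (outcome.startswith("rejected") or kind in HIGH_RISK):
                counts[emp] = counts.get(emp, 0) + 1
        return sorted(e for e, c in counts.items() if c >= threshold)

def demo():
    """Scripted day: one routine reset, then repeated MFA requests against E1002."""
    desk, t0 = HelpDesk(), datetime(2024, 5, 1, 9, 0)
    out = [desk.handle(t0, "E1001", "password_reset", "4821"),
           desk.handle(t0 + timedelta(hours=1), "E1002", "mfa_reset", "0000"),
           desk.handle(t0 + timedelta(hours=2), "E1002", "mfa_enroll_device", "7730"),
           desk.handle(t0 + timedelta(hours=3), "E1002", "mfa_enroll_device", "7730",
                       callback_confirmed=True)]
    return out, desk.escalations(t0 + timedelta(hours=4))
```

The escalation list is what a supervisor or security team would review; in the scripted day only E1002 appears, because a routine password reset with a valid identifier never counts toward it.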

Similar to how your teams conduct tabletop exercises for incident response or simulate phishing attacks to gauge employee awareness, regularly testing help desk staff can validate the effectiveness of established procedures and ensure compliance. Engaging a third party to conduct planned social engineering or vishing attempts on help desk staff can be a valuable exercise to identify any gaps in awareness and improve ongoing training and support processes.

As the first line of defense, help desk staff play a key role in keeping systems and information secure and in relaying best practices to the end users who reach out for assistance. A well-trained help desk not only reduces the risk of becoming a point of exposure but also fosters a culture of awareness and accountability throughout the organization.

CampusGuard has released a new Help Desk Security training module within the updated 2024 Information Security Awareness training course. If you would like to learn more or request demo access to the available modules, contact your dedicated CRM. You may also consider vishing help desk staff as part of your next annual external penetration test with the RedLens Infosec team!


About the Author
Katie Johnson

Manager, Operations Support

As the manager of Operations Support, Katie leads the team responsible for supporting and delivering CampusGuard services including online training, vulnerability scanning, and the CampusGuard Central® portal. With over 15 years of experience in information security awareness training, Katie is also the Product Lead for CampusGuard’s online training services. As a Senior Customer Relationship Manager for a limited number of customers, Katie assists organizations with their information security and compliance programs and is responsible for coordinating the various teams involved.