5 ways the help desk may be hurting you

Aptly named, a company's help desk is primarily focused on resolving technology issues so the business as a whole can function successfully. Despite the best of intentions, however, help desks can put the company at risk by using legacy tools, shared passwords and incomplete security practices.

The start of a new year is a great time to examine these issues, so IT leaders can ensure their help desk is better positioned to help, and not hurt, the company in 2013. Here are five things to guard against.

[ RECOVERY: The worst IT addictions (and how to cure them) ]

* Using outdated remote access tools: As more and more employees work from remote locations, help desks are increasingly depending on remote access tools to get into and fix systems. Unfortunately, many support organizations still rely on legacy remote access tools such as RDP, VNC or Dameware to fix remote computers over the Internet, opening the company to a potential data breach in the process. 

According to Verizon's 2012 Data Breach Investigations Report, unsecure remote access tools accounted for 88% of all breaches leveraging hacking techniques. This is up from 71% in 2011 and 34% in 2010. Most help desks are working with limited budgets, but upgrading their remote access tools to a modern, secure solution is a small price to pay to protect the organization from hackers. It's time for organizations to wake up to the serious risk these legacy tools pose and make 2013 the year these attacks take a downward trajectory. [Also see: "Data breach? Blame your third party's remote access systems"]

* Sharing generic passwords: On the topic of remote access tools, some help desks use solutions that only offer named licenses. To maximize their investment, these organizations often share licenses using default logins -- Tech01, Tech02, and so on -- resulting in no record of who is accessing what systems, and what they're doing once they're in.

Additionally, these generic logins often remain unchanged as employees come and go, opening up the possibility that an ex-employee could access your entire network. Instead of buying a license for each individual, look for solutions that allow you to use concurrent licenses with individual logins. Even better if those logins can be tied to Active Directory so you can manage them centrally, and they're automatically shut off when an employee leaves. [Also see: "Admin Passwords are the Achilles Heel of Security"]

* Focusing on the same old metrics: Help desks are traditionally structured around metrics such as First Call Resolution (FCR), Average Handling Time (AHT), etc. In the quest to meet SLAs, support reps often use whatever tools will get the job done quickly. Being incentivized based solely on these metrics, and not on things such as security, means the help desk is often using free products or solutions designed for the consumer industry that -- while they may help with FCR -- don't meet security measures required by the enterprise. To address this issue, IT leaders need to equip their help desks with tools that will allow them to resolve issues efficiently, while also meeting company standards.

Another issue with traditional metrics is they often promote a "hot potato" approach to handling tickets, where reps try to close out or escalate an issue as quickly as possible to get it off their desk. With all of the new devices, platforms and applications being used today, IT issues are much more complex and require a more collaborative approach to problem solving.

IT KPIs should focus less on time spent by individual reps and more on ensuring the end-user's issue is entirely addressed, even if that means multiple reps from different tiers are working on an issue simultaneously. In the end, the end-user will be happy they didn't have to wait for their ticket to go through the escalation chain, and lower-tier reps will learn from working with experts, allowing them to be more productive in the long run.

* Impeding telecommuting and BYOD: While the workforce has grown increasingly mobile, many IT organizations are hindering productivity outside the office because they lack the ability to manage and support devices beyond their network. As a result, when employees have an IT issue or need to provision their personal device for work, they have to bring their device into the office.

Additionally, some IT teams are wasting significant time and money traveling to various sites to install new applications or updates. This will only become more costly and further impede productivity as the workforce grows more mobile, so adopting technology to do these things remotely should be top of mind for all companies that have yet to do so.

* Lack of knowledge sharing: Many IT departments don't do enough to share knowledge among and between their teams, which means end-users are often stuck waiting for an extremely busy expert to fix their problem. Numerous technologies enable reps to do things like record a complex support session so junior staff can learn from its resolution, implement an internal wiki for resource sharing or foster better real-time collaboration so less experienced staff can learn new skills in tandem with solving end-user issues.

A new year always brings a sense of renewal and enthusiasm. I encourage IT leaders to consider the above criteria and make the necessary changes to better position their department and, in turn, the company as a whole for greater success in 2013 and beyond.

Bryan Hood is solution engineer for remote support software provider Bomgar.

Read more about infrastructure management in Network World's Infrastructure Management section.

Join the CSO newsletter!

Error: Please check your email address.

Tags help desk best practicesNetworkingwirelessinfrastructure managementhelp deskremote accesshelp desk metricsIT managementconsumerization of ITBYODmanagementtelecommutepassword securitysecuritymobile workforcedata breachknowledge sharing

More about DamewareFCRFirst CallVerizonVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Bryan Hood, solution engineer for remote support software provider Bomgar

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts