In many organisations, there is a separate information security team that deals with all things relating to security. So why does the help desk need to be involved, and what contribution should it make? Here are five reasons that you should consider:
Everyone’s Responsible for Security
The first and most obvious reason is that information security, also known simply as InfoSec, isn’t just about process controls or technology controls that we can delegate to the InfoSec team and then ignore unless they affect us directly.
Help desk agents, like everyone else in the organization, need to know what information security policies apply to them and need to take responsibility for following these policies.
Typical policies that everyone needs to follow include:
- Acceptable use policies– what you are allowed to do with email, social media, the company network, etc.
- A mobile device or BYOD policies– how personal devices such as laptops, tablets, and smartphones should be managed
- Password management policies– how often you have to change your password, rules about how passwords are made up, and whether you’re allowed to record passwords
- Remote working policy– rules for how people should work from remote locations, such as their home or a hotel room
Help Desks Are the Eyes and Ears of IT
Major security breaches at some organizations have remained undiscovered for many months, during which time the attackers have been able to make off with vast amounts of highly confidential data. Early detection is crucial.
Your help desk is the main interface between the IT organization and the people who use your IT services. This means people who work on the help desk are uniquely placed to understand what is happening within your user community. If they are appropriately trained, they can be the first line of defence against many potential security breaches.
Help Desks Can Communicate Information Security Messages to Users
The help desk is in regular contact with users, and you can use this as an opportunity to communicate essential InfoSec messages, to reinforce other training and awareness activity.
Help Desks Have a Major Role to Play in Security Incident Management
Most organizations have a security incident management process that is designed to:
- Log, track, and manage security incidents
- Escalate security incidents to people with appropriate skills and management responsibility
- Triage incidents and implement an initial response to contain the damage and stop it from spreading
- Ensure that confidential information about security incidents is suitably protected
The help desk is often the first place to become aware of security incidents, so they have a major role in this process flow. In some organizations, the help desk will also be responsible for logging, tracking, escalating, and managing security incidents.
Don’t just leave information security to your InfoSec team. Your help desk staff can play a big role in helping to protect your information if you give them the skills, knowledge, tools, and training they need to play their part.
For additional information about help desk solutions, contact ABACON IT via their website.
Author: Ryan Danvers