Get Pricing For SunView Solutions

Review platform features & packaging to decide what best meets your needs.

IT Service Management

ChangeGear is an industry-leading ITSM platform that helps organizations to better track, manage, and deliver critical services.
Get Pricing

IT Operations Management

LivePulse offers out-of-the-box system and application monitoring essentials in the cloud.

Get Pricing

5 Ways a Help Desk Can Stop a Hacker

03/19/2012 by: The SunView Team

There was a time when all a Help Desk, or IT department as a whole, really had to worry about was Viruses that would bring the infrastructure down. With all manner of widgets being installed, a good tech could almost tell what was wrong just by hearing the symptoms. Even with a shift from a virus-dominated fight to a more sinister all-encompassing malware war, it was often easy to figure out what was wrong early enough to prevent widespread replication. A lot of that was because of a host of helpful tools, often free, that really helped keep computers disease free.

Of course, it's hard to believe that we might be starting to look back at that as the "good ‘ole days" of information and data attacks. That's because in most cases, if you could educate your users, or at the very least, lock down systems from the installation of software, the battle was almost won. Even, as the web lead rise to viruses that could hide behind a benign jpeg file, browsers have become very intelligent, and can often recognize and prompt a user regarding anything with malicious intent.
Malware still exists though, and it's far from being anything close to a misnomer. Hackers have just gotten smarter about how they convince people to download or install their software. While still a concern, good processes, and again, a general lockdown of software installation does a great job. However, the real and ever-increasing threat is ourselves, or rather, all the information we posts about ourselves. Oh yeah, and really bad passwords.

Sadly, even completely fixing that second issue wouldn't solve the problem. That's because between security breaches that result in successful acquisition of user names and passwords (we still remember you Sony), and social media being nothing less than a hacker's paradise, it might almost be easier if you just contacted groups that wanted information and sold it to them directly - that's sarcasm for the uninitiated.

In a recent article on CNN Money/Yahoo Finance, Stacey Cowley investigated the positioning of Linked In as a "gold mine" for hackers looking to succeed in and activity known simply as "spear phishing." That's where the hacker has info about you, and can then pose as a more trusted source. Trust being the key, many users in fact, tend to click malicious links, or give up sensitive information much more freely if they trust the place it's coming from. This makes complete sense, and makes it a lot harder to educate even the best users on how to avoid clicking a link that isn't from where they think it is.

The article is a great read, and should have some helpful tips for keeping your own teams / customers aware of the increase threat of spear fishing. This got us thinking though, how can a Help Desk truly work to stop a hacker?

We've included five ways below, but be warned your ITSM tool is going to need some flexibility, and a Service Catalog with Self Service, Communication, and Knowledge Base options as well. If you find your Service / Help Desk tool just isn't stacking up, check out our getting started guide with fifty key question you should ask about your new solution:
50 Questions for Building ITSM Requirements
Better Passwords
The first article we linked to says it all. With Password1 representing such a wide range of in-place passwords, and Welcome showing up in nearly 1% of all variations of passwords, something needs to be done. While policy is the first step, education is the next. Finally, running a report now and again to see who still has a password that doesn't conform is a likely "best practice."

Customized Forms
Your customers / users are your frontline defense. In the Linked In spear phishing article, it was a quick thinking employee that really brought the whole scheme down. Creating forms that allow anyone submitting an incident to indicate it is security, and perhaps phishing related can go a long way.

Automatic Escalations
Customized forms will only go so far, you need to make sure real threats get routed immediately. That might even be a 100% review policy of anything marked for phishing or security issues is reviewed by a special team. It could get abused, but that's not worse than losing true visibility to threats that might be posed against your organization.

Knowledge Base (KB) Articles
Educating customers on how to spot a phishing email, perhaps even examples of some that might have made it through is just as important as instructions on how to change a password. Make information readily and easily available to everyone - a core feature of any Service Catalog.

Security Announcements
Is there a recent rise in threats, or do you have reports of a certain suspicious type of email? There may not be, but even reposting content from your KB is a great use of any communication tool. Emails are good, but they are easily lost in the daily shuffle. The best method would be to use options included with your Service Catalog. This works best because customers / users will be accessing that most frequently.

Image: Flickr | Vectorportal