I have been in the world of IT for, I would say, probably over 20 years. It’s only been in the last 10 or so that I have been devoted exclusively to Cybersecurity. I would say that one of the most thankless and most underappreciated jobs is that of the Help Desk.
They are usually the first and last line of help for the end user. Not only are they expected to be knowledgeable in what they do, but they are also expected to deliver great customer service, under all conditions.
I know of people who have had this kind of role, and to be honest, it’s a burnout role. Not only do customers chew you out, but you are expected to be on top of everything, all the time. Worse yet, there are even metrics and KPIs that you have to come through on. One of them is how long you stay on the phone to resolve an issue.
Because of all of this, and the enormous strain the Help Desk staff are under, they have become a primary target for the cyberattacker. The threats come in many forms, but the most “popular” seems to be Social Engineering. Robocalls, phony calls, and even emails are sent to the Help Desk impersonating real end users, in order to extract as much confidential information as possible, namely passwords and other credentials. A password reset or account change granted to an impersonator hands the attacker a working account without a single technical control being defeated.
So what can a Help Desk Manager do to help protect their
staff? Here are some key tips:
1) Only resolve issues related to company-issued devices. If the caller cannot confirm the details of that device (for example, against your asset inventory), the call should be terminated. If it is determined later that the caller was a legitimate end user needing help, other avenues should be offered to resolve the problem.
2) Once a staff member takes a call, all further communication and identity verification should go through the end user’s company-issued device, not through contact details supplied by the caller.
3) To verify the actual identity of the end user who is calling, always use some form of MFA, ideally a push notification mechanism. For example, when a Help Desk member picks up a call, they should immediately send a push notification to the end user’s enrolled device, and the caller should then read back the number it displays. The agent never reads the number to the caller; the caller must read it to the agent. If the caller does not receive the notification, or refuses to cooperate, this is a huge red flag.
4) Always ask the end user to verify the serial number of the device they are having issues with. Of course, if they need help finding it, you should assist them, but be alert to cues that the call could be fake, such as the caller taking much longer than usual to locate it.
5) If the issue involves the replacement of a wireless device, such as a smartphone, have a policy in place that the old device must be physically returned to company headquarters. Only then should a replacement be issued. In the meantime, the employee will likely have to use a personal device to conduct job tasks, and you will probably have to fall back on a weaker security protocol, such as phone-based authentication. Treat that fallback as temporary.
6) Now we come to the biggest issue of all: Password Resets. This is the nemesis of the Help Desk staff, and it gets even more complex now because of identity verification. The answer is simple: institute the use of a Password Manager. That way, long and complex passwords can be generated and stored, and the end user (or employee) can manage them themselves, so that you can focus on the more urgent requests. Any reset request that does still reach the Help Desk must go through the same verification steps as every other call.
7) As a final resort, if MFA for some reason cannot be deployed, another option is to initiate a video conference call (such as Zoom or WebEx) in which the end user has to physically show you their government-issued ID (such as a driver’s license or passport) and the device they are having issues with.
8) If you use other authentication mechanisms such as tokens or digital certificates, make sure that each one is valid for a single use and a short time window, and is destroyed (revoked) once it has been consumed. That way, the risk of a captured copy being replayed is greatly mitigated.
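As an added example (not code from the original post), here is how the push-and-read-back check in tip 3 and the single-use, short-lived requirement in tip 8 fit together in one caller-verification flow. The device inventory and the push channel are simulated in memory, and the 6-digit code, the 60-second lifetime and the one-attempt-per-push rule are assumed values that the post does not specify.

```python
"""Help-desk caller verification with a one-time push code.

Added example, not code from the original post. The agent opens a ticket,
the system pushes a short code to the caller's enrolled company device, and
the caller must read it back. Assumptions the post does not specify: the
push channel and device inventory are simulated in memory, codes have
6 digits, live for 60 seconds, and are valid for exactly one read-back.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_DIGITS = 6
CODE_LIFETIME_SECONDS = 60  # assumed policy value, not from the post


@dataclass
class Challenge:
    code_tag: bytes   # keyed hash of the code; the plaintext is never stored
    issued_at: float
    used: bool = False


class HelpDeskVerifier:
    def __init__(self, enrolled_devices, clock=time.time):
        # enrolled_devices: employee id -> company-issued device id, e.g. from
        # the MDM inventory (simulated here with a plain dict).
        self._devices = dict(enrolled_devices)
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server-side key for tagging codes
        self._challenges = {}
        self.outbox = []  # simulated push channel: list of (device_id, code)

    def _tag(self, ticket_id, code):
        msg = f"{ticket_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def start_challenge(self, ticket_id, employee_id):
        """Push a fresh code to the caller's enrolled device.

        Returns False when there is no company-issued device on record;
        per tip 1 the call should not proceed in that case.
        """
        device = self._devices.get(employee_id)
        if device is None:
            return False
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._challenges[ticket_id] = Challenge(self._tag(ticket_id, code), self._clock())
        # Only the enrolled device receives the code; the agent never sees it.
        self.outbox.append((device, code))
        return True

    def verify_readback(self, ticket_id, spoken_code):
        """Check the code the caller reads back.

        One attempt per push: any outcome consumes the challenge, so the
        agent must trigger a new push to let the caller try again.
        """
        ch = self._challenges.get(ticket_id)
        if ch is None:
            return "no_challenge"
        if ch.used:
            return "replay"
        ch.used = True
        if self._clock() - ch.issued_at > CODE_LIFETIME_SECONDS:
            return "expired"
        actual = self._tag(ticket_id, spoken_code.strip())
        if hmac.compare_digest(ch.code_tag, actual):
            return "verified"
        return "mismatch"


if __name__ == "__main__":
    # Constructed demo inventory: one enrolled employee.
    v = HelpDeskVerifier({"e1001": "DEV-4471"})
    v.start_challenge("T-1", "e1001")
    device, code = v.outbox[-1]
    print(f"pushed {code} to {device}")
    print(v.verify_readback("T-1", code))       # verified
    print(v.verify_readback("T-1", code))       # replay
    print(v.start_challenge("T-2", "unknown"))  # False
```

The server stores only an HMAC tag of the code, so a leaked challenge table does not reveal live codes, and a wrong or expired read-back burns the challenge rather than leaving it open for a second guess.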
My Thoughts On This:
The use of AI is only compounding this problem even more. For example, Deepfakes can be used to create fake live video of real people, and even to clone their voices. Because of this, if you make use of a voice recognition (speaker verification) system, it could very well be circumvented in these cases, and the same applies to a video call used to inspect a caller’s ID.
All you can do is enforce a strict policy where all of the Help Desk staff have to follow a set standard of authentication procedures, with no exceptions and no questions asked.
This will be especially important if you outsource your Help Desk functions to a third party. More details about the threat of Deepfakes can be seen at this link: