A quick read with a big impact.

Trust, but Verify: Picky Questions to Ensure Help Desk Security

Help desk security

Choosing an outsourced help desk provider can be stressful, especially when it comes to cybersecurity. You want someone you can trust with your systems and sensitive data — a partner who takes a proactive approach to preventing cyberattacks. But how do you get it right from day one?

While help desk outsourcing can be tremendously beneficial, your organization’s security is too important to take any chances. If you’re not sure where to begin, here are some ideas to enhance your vetting process and help you find a help desk provider who takes security seriously.

Start the Help Desk Vetting Process by Identifying Your Security Risk Factors

Cybersecurity threats can arrive in all shapes and all sizes, but three areas in particular should be assessed.

The first is your own organization’s maturity level. How prepared are you for a cyberattack? How well-developed are your protocols for identifying and responding to threats? There’s no wrong answer here, but it’s important to articulate to your help desk provider how much security guidance you’ll need. If you’re going to rely on someone else’s protocols, it’s that much more important you choose your provider carefully.

Another risk factor is the question of access. The more access you give to your help desk provider, the greater the potential risk to your organization. Ideally, your provider understands this; if they request only limited access to those systems necessary for providing support, that's an excellent sign they take your security seriously.

And lastly, for some organizations, compliance concerns are also a priority. A hospital, for example, must be extra conscious of how a provider’s access to internal systems may run up against HIPAA. A help desk agent should not be able to see any confidential patient information on the screen. Financial organizations might face similar concerns as well.

Related Reading: Protecting Your Organization From Shadow IT

Ask These Questions to Evaluate Your Help Desk Provider

Once you’ve zeroed in on the risk factors facing your organization, you can start to ask the right questions. Here are a few topics and questions that can help you evaluate outsourced help desk providers and their approach to cybersecurity.

Security Monitoring

It takes only one bad actor to cause real problems for your organization. That’s why it’s important for your help desk provider to monitor your systems closely to identify a potential threat as quickly as possible. Ask your potential providers:

  • How do you monitor data and traffic?
  • How will you connect to our environment?
  • What sort of security auditing processes do you have?
  • How do you limit and control your agents’ access to systems?

Data and System Protection

Your help desk provider should be proactive about your security. Instead of just reacting to incidents, your provider should have measures in place to prevent problems before they begin. Be sure to ask:

  • How do you prevent phishing and other cyberattacks?
  • Are you performing full background checks on your agents?
  • What are your security protocols, and how were they developed?

Testing and Training

The testing and training of agents should go hand-in-hand with a proactive approach to security. Here are a few questions to help you evaluate how a help desk provider approaches these disciplines:

  • Do you perform any penetration testing on your own network and systems? How often?
  • What type of security training do you provide to your agents? How often does training happen?
  • How do you train agents on specific compliance concerns and controls?
  • How do you test agent performance to ensure they follow procedure?

Asking these questions will help you evaluate a help desk provider and quickly identify how serious they are about cybersecurity. If they can’t seem to answer or just come up short, it may mean you need to keep looking.

Related Reading: The Top 3 Questions to Ask When Hiring Outsourced Help Desk Support

After an Incident: How Your Help Desk Provider Should Work with Your Team

By 2025, the cost of cybercrime is expected to reach $10.5 trillion, up from $3 trillion in 2015. This explosive growth means that, for more and more businesses, it’s not a question of “if” they’ll suffer an attack but “when.”

This sobering truth means that your vetting process must consider how your provider will work with your internal team when an incident happens.

At Global Help Desk, when we discover a threat or an erroneous actor trying to access your systems, we respond with all hands on deck. Immediately, we pull all the information we have about the call, including the phone number, audio recordings, and records of what information the attacker was after.

Security incidents also trigger our team to reach out to their primary contacts within your organization’s IT team. We’ll debrief about the incident, share all the information we have, and collaborate closely with your team to stop any potential threat. Depending on the severity of the incident, this process could be anything from a simple phone call to a deep dive into security forensics. No matter what, we provide full transparency to make sure the threat is addressed and your systems are safe and secure.

As you evaluate potential providers best equipped to help you manage your biggest help desk challenges, you should look for those that take this kind of collaborative approach to security. While trust may be earned over time, a thorough vetting process can help you choose the provider with the best security posture from the very beginning.

Ready to make your help desk helpful?

New call-to-action