Cybersecurity protection for work at home employees
Overnight, all over the world, users are staying at home – and working from home. This requires new devices and new software licenses – but what about support?
In most organizations work-from-home has many positive consequences. The employees are working hard, and they continue evenings and week-ends to get the job done. Even after the Corona-virus we now expect that work-from-home will continue on a much higher level than before the crisis. The hardware and software is in place, but the users still need support from the central IT service help desk.
Expect to see higher load, and tasks you can’t support today. Expect to see more load at unusual times like nights and weekends. If the support isn’t available, then the employees can’t do their job, and our companies will lose productivity.
It has also been reported that the cyber-criminals exploit the situation. It is more difficult for the central support team to verify if someone calling in is a real employee, or a criminal impersonating a real employee.
New tools are needed to get the support done without increasing the costs and risks for the organizations.
Many users will have new experiences and surprises. How do I print, how do I scan, where is this service, etc.? With more calls comes increased stress for the service desk; queue time for users will increase and general productivity will deteriorate for the users and the IT-team.
We hear of increases of the magnitude of 15% more calls. Look for tools to help the service desk, those that provide fast solutions through self-service, to see the total number of calls go down. On average in the industry 20% of all calls are password related. With an efficient user-friendly password self-service tool, then you can cut the number of calls back to the normal level.
The key to self-service success is that at least 80-90% of all users will and can use the self-service.
One trivial incident will not change – users forget passwords and call for password recovery and resets. A simple question: “Can your service desk reset a password at a remote company PC?” Even when you use VPN for security, the service desk can’t access a “dead PC”.
Today for most companies the only solution is for someone to transport the PC back to company premises, so that the PC-cache password can be synchronized with the AD-password, and the user can get the PC back. This is very expensive.
What the users want is a solution where they, in a simple way, can verify their identity to a self-service, and then the PC works again. This will help the user carry on even when it happens in week-end or night time. There are out of the box solutions that solve this important technical issue.
When a criminal calls someone over the phone and impersonates another person to achieve something it is called vishing (Voice based phishing). When working from home this risk increases many folds.
New security issues: In “the old days,” people called the service desk from local company phones, meaning that we could verify who they were, but working from home doesn’t give us much with which to verify the user’s identity. If they ask for a password reset, how can we verify that the person is the user they claim to be?
We need a process, but even that is not enough. Social engineers, hackers, know how to use emotions to get the service desk supporters to help them. The emotions might be fear, greed or just the desire to be an empathetic person. This is what “Help desks” are for! To win this battle with the criminals we must introduce an IT-workflow that controls the entire verification process. This will take emotions out of the verification.
Controlling the ID verification should include a verbal identity “test” by the service desk. Using knowledge about what computers the real employees’ use, the location they work from, and a lot of confidential information, the test questions will be impossible for a hacker to answer. For important employees, the test can even include approval from managers in the process. It takes more time to include new persons in the process, but the cost of failure is much higher.
Just the above 3 changes to your support team will mean dissatisfied management and concerns from IT security management. It’s time to reduce the burden on the service desk and let users give themselves a better service than the service desk can. And don’t forget IT security – the hackers don’t take a break – they’re increasing their efforts right now.
With work-from-home we see how companies struggle with costs and security issues. The solution (cloud or on-premise) – can immediately help companies reduce the load on the service desk, make employees more productive, and prevent criminals from using the service desk to get access to important applications.
The basic objectives of the solution should be to reduce calls to the service desk; reset passwords for remote PC’s through a company VPN and provide rock-solid, unbreakable, user identification.