Identity theft cases have nearly tripled over the last decade. That’s why data security has become a top priority for businesses in every industry.
Increasingly, help desk personnel have found cybercriminals to be impersonating employee end users in the hopes of gaining additional information or network access. Through social engineering, bad actors can collect personal user information and use this data to trick help desk staff into handing over confidential information or sensitive data.
In today’s information age, just asking for a person’s corporate email address, is not enough. Email addresses, job titles, supervisor names and answers to other common security questions are easily discoverable by cybercriminals on the internet. In addition, while many security threats are launched by external actors, threats can potentially be posed by internal bad actors, as well. That’s why identity verification is an essential tool for IT help desk staff.
RELATED ARTICLE: How Long Does It Take to Detect a Cyberattack?
When a user contacts an IT help desk (often by phone, email, chat or online form) the first step for help desk personnel is to verify that a user is who they say they are. This process is called identity verification or digital identity verification. Identity verification will assist in preventing identity fraud and will reduce the risk of granting network access to unknown users.
RELATED ARTICLE: Is Our Outdated Technology Putting Us at Risk of a Cyberattack?
The better way to verify a user’s identity is to use something that is non-public and difficult to guess. There are several different methods to do this. Here are some possibilities that IT help desks can use to more securely verify the identity of users who are asking for assistance.
A common way to verify user identity is to ask the user for personal information found in the organization’s database, such as their name, date of birth and/or employee number.
Knowledge-based security questions are also good choices. These should be questions that only the user will know the answer. Examples include asking for their mother’s maiden name, where they attended high school, etc. Be sure to select questions that do not have easily guessable answers.
Also consider placing stickers with equipment ID numbers on all organization-assigned equipment. If a user is calling about a computer problem, this equipment ID number will be easy to find. Be wary if the caller is unable to locate this.
Organizational computing behavior questions are excellent questions to ask, as well. You could ask about their city/state location, when they last logged in, last time they used a printer, etc. Use your organizational data to assist your help desk to authenticate users.
More and more organizations are adopting the use of biometric analysis to verify user identity. This is done through the use of physical characteristics, such as fingerprints or facial recognition. Biometric analysis is a convenient identity verification method and provides enhanced security, as biometric data is difficult to replicate or steal.
This type of authentication typically combines knowledge-based authentication questions along with other digitally based authentication methods. Sending a verification code to a user via email or text is a common way to do this. Other possibilities to choose from include the use of authenticator apps, smartcards, and biometrics. Having multiple layers of security will decrease the likelihood of a unauthorized user entering your network, that’s why multi-factor authentication is increasing in popularity among businesses of all types.
Confirming a help desk caller’s phone number via caller ID spoofing detection software, will aid in verifying that the caller’s phone number matches the phone number of the user that they say they are. This extra-layer of protection can provide more peace of mind in verifying the identity of the caller.
You can reduce the call volume burden on your IT staff by encouraging users to use self-serve password reset software instead of having the reset to be done by your help desk personnel. Self-serve password reset software is a cloud-based software that assists organizations to manage passwords and verify the identity of users. This software can also be configured to automate password rotation schedules and settings based on parameters such as user time zone, rotation frequency and password length.
When your help desk adds identity verification to their toolbox, both the department and your business as a whole will enjoy benefits, such as:
RELATED ARTICLE: How to Evaluate IT Help Desk Partners
Growing businesses are elevating how they approach managed IT services, no longer just dealing with technology issues as they arise. It’s time for better. That’s why Elevity elevates security, delivering both comprehensive technology management and integrated co-managed services to growing organizations of all sizes in Wisconsin, Illinois, Indiana and Ohio.
Proactivity matters when creating a help desk plan. Click the link below to download your free checklist and learn the 10 best practices for setting up a help desk.
