At ChannelCon 2018, in an animated talk titled The State of Tech Support, IT experts Mike Devadason and Todd Skinner covered multiple ways the IT help desk has been impacted by advances in technology — and why help desk staff are the perfect target for phishing campaigns. They also veered into big-picture stuff, like how install enterprise is giving way to cloud solutions and how we address accountability in artificial intelligence (AI).
“The thing we need to ask is, ‘Are we ready for machines to make decisions for us?’” asked Skinner, senior lead technologist for Booz Allen Hamilton.
Facilitated by CompTIA Chief Technology Evangelist James Stanger, the group talked about ways emerging tech, cloud integration and social engineering are affecting today’s help desks.
Skinner relayed stories from his work at Booz Allen Hamilton, while Devadason talked about his experience at the U.S. Patent and Trademark Office, where he’s the executive IT support engineer.
Cloud and IoT
On trend with CompTIA research, cloud computing is here to stay. Devadason said the U.S. Patent Office has readily adopted cloud technology, and it’s helped bring clarity to the office’s first-come, first-served-basis patent issues.
“That timeline is extremely important in patents,” Devadason said, “and the stakes are very high, all the time,” Cloud technology makes it possible to record that timestamp in real time, giving trial lawyers something to go on when a patent is disputed.
The internet of things (IoT) has also cemented itself as big player in IT, and tech pros are starting to identify and define where service and security boundaries are, Skinner said.
“We need a clear distinction of who’s responsible for what,” Skinner said. “In some ways we’ve been there before, but it’s about appreciating the expanded implications of having everything talk to us.”
This complex connectivity is also encouraging help desks to take on new approaches to patching, inventory and security.
Securing Offsite Workers and BYOD
Offsite employees are keeping IT help desks humming with virtual diagnoses, securing virtual private networks (VPNs) and setting up virtual desktops. Of the 13,000 U.S. Patent Office employees, more than 10,000 work from home or at another site, Devadason said. All of those employees require a work-from-home setup, which requires a router and a desktop plus the support his team provides.
“When the machinery goes bad at home, they’ve got to call us,” Devadason said. “Sometimes an upgrade gets pushed out and unintentionally breaks something else, and we’ll get a flood of calls because something’s not working.”
He agreed with Skinner that there are plenty of security issues tied up in both bring-your-own-device (BYOD) polices and securing information in the cloud.
“When you have BYOD, you bring in mobile device management and mobile app management, and you’re going to continue to see tools emerging like that,” Skinner said. “There’s a whole new level of trust that has to be established.”
One emerging solution is multi-factor verification, with a refrain already so familiar that the audience at the ChannelCon session said it aloud as a group: “What you know, what you have and who you are.”
These three steps to multi-factor verification are part of new security measures being taken on as more people bring their own devices to work or access the network from the road, Skinner said.
“What you know is your password, what you have is something like a secure ID token and what you are is an iris scan or a fingerprint,” he said. “It’s not everywhere yet, but it’s happening.”
Why the Help Desk Is a Target
Social engineering is the number-one way hackers are getting into people’s systems for credential harvesting and even cryptojacking, and help desk people are perfect targets for phishing campaigns.
At the U.S. Patent Office, internal emails all look the same, so when a phishing email comes through, it’s easy to spot.
“It gets flagged, forwarded to security and sandboxed until they can figure out what to do with it,” Devadason said. “We do a lot of end-user training programs to combat social engineering. We tell them, ‘If it doesn’t look right, say something.’”
U.S. Department of Defense (DoD) Directive 8570 is mandated more than ever, and the help desk needs to stay current on the requirements if they’re doing any work with the government, Skinner said. Through certifications like CompTIA Security+, IT pros can learn what it takes to meet compliance requirements for their clients.
“If part of your tech support’s role is to protect the enterprise, we need to be on the front lines to make sure that folks know what a social engineering attack looks like,” Skinner said.
Validate your tech support skills with CompTIA A+.
Michelle Lange is a writer and designer living in Chicago.