Aptly named, a company's help desk is primarily focused on resolving technology issues so the business as a whole can function successfully. Despite the best of intentions, however, help desks can put the company at risk by using legacy tools, shared passwords and incomplete security practices.
The start of a new year is a great time to examine these issues, so IT leaders can ensure their help desk is better positioned to help, and not hurt, the company in 2013. Here are five things to guard against.
[ RECOVERY: The worst IT addictions (and how to cure them) ]
* Using outdated remote access tools: As more and more employees work from remote locations, help desks are increasingly depending on remote access tools to get into and fix systems. Unfortunately, many support organizations still rely on legacy remote access tools such as RDP, VNC or Dameware to fix remote computers over the Internet, opening the company to a potential data breach in the process.
According to Verizon's 2012 Data Breach Investigations Report, unsecure remote access tools accounted for 88% of all breaches leveraging hacking techniques. This is up from 71% in 2011 and 34% in 2010. Most help desks are working with limited budgets, but upgrading their remote access tools to a modern, secure solution is a small price to pay to protect the organization from hackers. It's time for organizations to wake up to the serious risk these legacy tools pose and make 2013 the year these attacks take a downward trajectory. [Also see: "Data breach? Blame your third party's remote access systems"]
* Sharing generic passwords: On the topic of remote access tools, some help desks use solutions that only offer named licenses. To maximize their investment, these organizations often share licenses using default logins -- Tech01, Tech02, and so on -- resulting in no record of who is accessing what systems, and what they're doing once they're in.
Additionally, these generic logins often remain unchanged as employees come and go, opening up the possibility that an ex-employee could access your entire network. Instead of buying a license for each individual, look for solutions that allow you to use concurrent licenses with individual logins. Even better if those logins can be tied to Active Directory so you can manage them centrally, and they're automatically shut off when an employee leaves. [Also see: "Admin Passwords are the Achilles Heel of Security"]
* Focusing on the same old metrics: Help desks are traditionally structured around metrics such as First Call Resolution (FCR), Average Handling Time (AHT), etc. In the quest to meet SLAs, support reps often use whatever tools will get the job done quickly. Being incentivized based solely on these metrics, and not on things such as security, means the help desk is often using free products or solutions designed for the consumer industry that -- while they may help with FCR -- don't meet security measures required by the enterprise. To address this issue, IT leaders need to equip their help desks with tools that will allow them to resolve issues efficiently, while also meeting company standards.
Another issue with traditional metrics is they often promote a "hot potato" approach to handling tickets, where reps try to close out or escalate an issue as quickly as possible to get it off their desk. With all of the new devices, platforms and applications being used today, IT issues are much more complex and require a more collaborative approach to problem solving.
IT KPIs should focus less on time spent by individual reps and more on ensuring the end-user's issue is entirely addressed, even if that means multiple reps from different tiers are working on an issue simultaneously. In the end, the end-user will be happy they didn't have to wait for their ticket to go through the escalation chain, and lower-tier reps will learn from working with experts, allowing them to be more productive in the long run.
* Impeding telecommuting and BYOD: While the workforce has grown increasingly mobile, many IT organizations are hindering productivity outside the office because they lack the ability to manage and support devices beyond their network. As a result, when employees have an IT issue or need to provision their personal device for work, they have to bring their device into the office.
Additionally, some IT teams are wasting significant time and money traveling to various sites to install new applications or updates. This will only become more costly and further impede productivity as the workforce grows more mobile, so adopting technology to do these things remotely should be top of mind for all companies that have yet to do so.
* Lack of knowledge sharing: Many IT departments don't do enough to share knowledge among and between their teams, which means end-users are often stuck waiting for an extremely busy expert to fix their problem. Numerous technologies enable reps to do things like record a complex support session so junior staff can learn from its resolution, implement an internal wiki for resource sharing or foster better real-time collaboration so less experienced staff can learn new skills in tandem with solving end-user issues.
A new year always brings a sense of renewal and enthusiasm. I encourage IT leaders to consider the above criteria and make the necessary changes to better position their department and, in turn, the company as a whole for greater success in 2013 and beyond.
Bryan Hood is solution engineer for remote support software provider Bomgar.
Read more about infrastructure management in Network World's Infrastructure Management section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.