The majority of people in this world are good. If I were to put a percentage on that statement, I’d be looking at 80/20. Most people like doing good things, helping others, etc. and just playing by life’s rules. Within the service industry, and the Service Desk Institute (SDI) is a great example of this, we enjoy helping users with calls on a daily basis and fixing issues where we can. We all feel good about resolving a call and making somebody’s day. However, it seems (or at least feels like) that the other 20% just want to be different and actually prey on the fact that the rest of us are nice people. It’s why we need to talk about IT service management (ITSM), the service desk, and the human firewall.
Real-world human firewall examples
The first example is about Drones. Amazon is looking heavily into the process of using this technology to deliver their packages to customers’ houses. You can find rumors of a “cloud warehouse” to do this in the press. Certainly if they can get this idea off the ground (pun intended), it seems like a good use of a new technology to improve service. Then at the other end of the spectrum, ISIS is using drone technologies to carry poisons to drop onto targets in countries like Syria etc. So that’s two very different uses for the same technology – a good one and a (very) bad one.
The second example is about email, which is still the main communication tool for many businesses and is likely be for a while. We all receive hundreds of emails a day from colleagues, customers, and suppliers etc. Email also acts as a medium of trust for approval at times and allows payments to be authorized when we trust the sender. With the increase of “phishing” and “spoofing” where an external hacker can impersonate a senior colleague, we’re seeing more fraudulent payment activity in this area. Because we’re busy, and because we trust the name on the email, people aren’t taking time to always check it’s genuine. And why should you? If it’s the boss of your company you just want to show you can respond quickly etc. Hundreds and thousands of pounds have been lost this way in the last two years – it’s why we need “human firewalls.”
Where’s all this going?
Well, the sad fact is that the nasty 20% of people in the world are using the fact that the majority of us are “nice, good helpful citizens” to their own advantage. This means we need to start to doing something that may come as alien to many of us – we’re going to have to stop being so trusting about technology and challenge things more often. At present, our people in our organizations are often the weakest link to giving access to our secrets. We share so much about our lives on social media and other outlets that it makes it very easy for people to target us.
It’s incredibly frustrating that there’s so many great things that we use everyday to make our 21st century lives better: online banking, smartphones, contactless payments etc. but in every situation there’s somebody trying to find a way to attack or defraud you in some way. The internet of things (IoT) is around the corner now, if it isn’t here already, but already there’s talk of hackers using your toaster or heating thermostat as a bot to cause havoc in your home.
We need to be aware of the responsibilities of a “human firewall.”
So what do we need to do, and how does this human firewall apply to the service desk?
Well, we need to still be helpful and carry out our roles as normal; our service ethics should never wain. However, I think we need to add a new competency to our service desk framework, that of IT security. We need to challenge people more about things like lost passwords and authorization for access to systems so that this in turn encourages them to understand to be more vigilant about things.
We should provide advice and tips to help them such as:
- Be aware of unsolicited emails – never click on a link or an attachment from an unsolicited email.
- Change your passwords – avoid using the same password across multiple accounts and change them regularly. If a hacker gets access to your password they will attempt to try other accounts you have too. Make sure the password is “strong” too.
- Email filtering – use software such as Mimecast to assist with filtering out emails with potential malware hidden in URLs and attachments.
- Challenge third party requests to remote onto your systems to help you – ensure you can take back control of the mouse and your screen if needed and that no sensitive data is shown at any point.
- Always scan and check USB devices before allowing access to your systems – be wary of free USB sticks given out at events.
We’ll have to continue educating our customers regarding ransomware, malware, “phishing” etc. and regard this as “part of the world we now live in” that will not go away.
The service desk role isn’t just about fixing and solving an IT issue anymore – we’re now all part of the new human firewall required to combat the darker side of life online.
If you’re interested in hearing more of David’s thoughts on how the service desk can help to change the security landscape, then you can see him present on the human firewall at the annual SDI conference later this year. For more information on this event, and David’s presentation, please visit the conference website.
David Bullock is the Director of IT for Ward Hadaway a law firm based in Newcastle with offices in Leeds and Manchester. He is an experienced IT manager who enjoys taking a practical approach to the management and coaching of his staff and peers in order to achieve excellent results. David is also an ITIL advocate with over 15 years of IT experience as well as practical experience in the application of these processes. In addition he is a regular contributor at various legal and IT service related events.