Creating a Culture of Cybersecurity Part I: The 8 Benefits of Insourcing Your IT Help Desk

By: Logan Myerz, Director of Internal IT Support, CISO Global, Inc.

Preface: 

What is the culture of cybersecurity, anyway? When most people hear the phrase “Cybersecurity is a Culture,” their minds jump immediately to cybersecurity awareness training videos that help employees avoid phishing scams. Certainly, that is an important part of driving security awareness in your organization, but the true culture of cybersecurity is so much more. To quote our CTO, Jerald Dawkins, Ph.D., “Cybersecurity is a team sport. It involves everybody in your organization – and even partners or vendors.” This is probably the best explanation I’ve heard for anyone considered as part of the security team. It’s not just a subset of your IT or compliance group. Everyone is on the team, and every decision you make about your organization may impact or be impacted by this culture.

You might not have considered outsourcing versus insourcing your help desk function. This decision impacts more than just your business and bottom line. As the Director of Support at CISO Global, I have a unique view of help desk support, including the way one can leverage this front-line team to help build and bolster a culture of cybersecurity. Insourcing your help desk department allows you to not only create a desirable internal culture that supports long-term success, but also illuminates the importance of a team that’s often your first line of defense. In fact, any organization that embraces the mandate to safeguard their sensitive information and systems will want to consider who is running their IT help/support desk – and how. 

The 8 Benefits of Insourcing Your Help Desk 

Maintaining an efficient and effective help desk is crucial for providing excellent customer support and ensuring smooth internal operations. One of the strategic decisions that organizations face is whether to outsource or insource their help desk functions. Insourcing, or keeping the help desk in-house, offers a range of benefits that can positively impact various aspects of a company’s operations. This article explores the advantages of insourcing the help desk and highlights why organizations should consider this approach. 
 
1. Improved Control and Customization 

When you hand over your support desk function to a vendor, you have far less control over how tickets, responses, and support interactions are handled. What if the sales team you meet with to demo the service has a culture of positivity, but the people who deliver support requests from the backend have less desirable social norms? What about the tools they use – do they integrate with your other systems? Further, what if the organization’s standard processes don’t align with your company’s policies, procedures, and business needs? Cost savings, top tier support, and customization of procedures typically don’t go hand-in-hand. So, if you are requesting changes to their templated processes, you are likely to lose some of the savings you gain by outsourcing. When you have your own team to train and manage, however, you gain greater control over the entire support process. This allows you to align procedures, protocols, and tools with your organization’s specific needs, industry requirements, and internal policies. This allows you to make quick adjustments to meet changing demands with a more tailored approach to addressing unique challenges. 
 
2. Deep Company Knowledge 

As members of your organization, in-house support desk teams understand your company better than anyone on the outside could. They know your company’s offerings, culture, processes, and most importantly your people. You can’t put a price tag on the positive interactions between people who know one another (or at least share some common internal relationships). With this level of understanding, your internal help desk can create an extremely positive experience for end users at times when they may be frustrated. If someone’s access isn’t functioning properly, for example, they may feel out of sorts and even irritable. A friendly face and someone who understands what they are trying to achieve in their role can be invaluable to help deescalate the situation, help them feel seen and heard in their frustrations, and build a more positive experience overall as issues are being resolved. At the end of the day, workplace satisfaction is important to retention, and making sure your users have support from someone who “gets them” when they are trying to overcome an obstacle can make a major difference in their experience. 

Additionally, internal teams are more likely to understand feedback from your internal users about new services or products you are using in operational execution. If you just rolled out a new platform, and multiple people are frustrated with it, that can inform next steps to smooth out problems. This supports an environment of continuous improvement. Will an outsourced provider be as invested in providing this feedback to your IT and/or Operations teams? 

 
3. Seamless Communication and Collaboration 

When you are working with an outsourced provider, all communications will be in a silo. Since the vendor’s support team is not part of your internal company, they will not be regularly passing what could be crucial information along to other teams. Instead, you are likely to get a report or have interactions logged into a dashboard. This puts the communication onus on one person to receive, understand, prioritize, and pass along what is considered noteworthy. When you insource, those team members can send a quick direct message, pick up the phone, pass information up the ladder, or talk to someone over the water cooler. That means information is more likely to be shared and understood. Because they don’t understand your culture and company goals the way you do, outsourced teams will have a harder time knowing what you would consider important as a topic of discussion.  

The help desk team can easily connect with other teams, such as Dev Ops, Solution Architecture, and other departments to address complex issues or implement improvements. This seamless interaction ensures that relevant expertise is accessible when needed, resulting in quicker solutions. Collaboration is an essential function across departments and teams, and as often as possible, you want the right hand to know what the left hand is doing – as well as help each other with challenges. With silos in communication, you are inhibiting that process from occurring naturally. 

 
4. Data Security and Privacy 

Every organization has sensitive data to protect, from systems and files containing corporate data to user account information. Your outsourced provider may be able to check boxes to comply with your processes, but protecting data and systems goes well beyond just processes. It includes understanding and awareness of users, as well as support staff. Maintaining control over these elements is essential to build trust with end users, partners, and clients, and meet compliance with data protection regulations.  

The recent attack at MGM is a prime example of the need to consider every aspect of your organization’s help desk policies, procedures, and culture. Some new industry commentators have said that a successful social engineering attack that came in through the company’s help desk was the primary avenue MGM attackers used to gain access to corporate systems. Purportedly, an attacker called in asked for help resetting his account access password, was given the ability to do so by the support desk technician, and the attack unfolded from there. Certainly, there were other factors, such as Okta vulnerabilities, but this interaction should be noted.  

The help desk agent may very well have followed correct procedures and was simply bested by a brilliant setup, but the attack reiterates the importance of leveraging help desk team members as your first line of defense against attack in account protection. That begs a question that goes beyond just policies and procedures – what kind of culture are you creating in your support desk team? We will dig into this a little later, but suffice to say, you will be less able to ensure a culture that supports effective cybersecurity if you are outsourcing, and having the right culture on that team is crucial for any company that wants to safeguard an organization’s sensitive information and systems. 

5. Company Culture Impacts Security Effectiveness 

One final consideration around data security is the culture created among outsourced teams disconnected from your organization’s people, networks, and systems. When support desk providers offer discounted services compared with the market, that is likely to translate into poor salaries for those fielding support tickets and calls. That could translate into a lack of personal investment in your organization’s security processes, procedures, and policies. Further, you have no way of knowing how well those people are treated by their managers. The risk you are running is that if you have a team of technicians who do not love their work, are potentially underpaid, and are operating in a way that is disconnected from your organization’s systems and relationships, how are they incentivized to be on high alert for social engineering attempts or other signals of a security issue? It’s always going to be more effective to create a positive work environment where people are positively incented to work alongside your teams to be a first line of defense. You have more control over those outcomes when you insource (or work with a provider who is also managing your systems and drives a strong internal culture). 

 
6. Increased Efficiency and Uptime 

With a team that is integrated into your organization and, thus, is familiar with your organization’s systems, software, and processes, users are likely to get a much faster diagnosis and resolution to their issues. Since IT problems reduce users’ productivity, speeding up the resolution process means improving uptime for your internal teams. In turn, employees can provide production, sales, and support to external customers more rapidly, which supports your organization’s overall operational efficiency. Downtime is a problem for any organization, and when you think of it in these terms, the money you may save by outsourcing is likely to be diminished by operational losses of users who cannot perform their job functions if help desk response times are slow. 

 
7. Support for Company Mission, Vision, and Goals 

Another advantage of building and managing an IT support desk team internally is aligning them with your company’s mission, vision, and strategic goals. When they know what you are working to achieve as a company, they will also be able to prioritize certain support tasks over others. For example, if the company has a strategic goal of improving customer satisfaction rates, and a user has two technical challenges at the same time, your help desk technicians will automatically know to prioritize whichever problem will enable the internal user to deliver better customer service in the immediate future. Then, they can work on solving the second issue once the first has been addressed. If you are outsourcing, technicians are not only disconnected from company goals, but they are also less motivated to drive success with your users. The key differentiator here is ownership and commitment. Internal teammates are more likely to be committed to one another than will be an outsourced help desk provider. Again, if you are working with a strong managed service provider, they will already be aligned with your business objectives and will be excited to drive success, because their cadence calls with you keep them connected to your goals. 

8. Knowledge Retention and Skill Development

One key to supporting both business and cybersecurity progress is retaining people who have gained institutional and technological knowledge over time. If you are dealing with constant turnover, you lose weeks and even months of productivity. In a business environment where there are 350 million job openings in cybersecurity on any given day, can you really afford to lose people who have gained skillsets? Let’s apply that thinking to outsourcing – if you have a new technologist dealing with your organization on every call, it will be more difficult for them to develop deep institutional and security knowledge that’s specific to your organization. An insourced help desk offers employees the opportunity to develop deep expertise, accumulate institutional knowledge, and refine their skills over time. This can lead to better decision-making and innovation within the support function.

Conclusion 

Insourcing the help desk brings numerous advantages that enhance control, communication, expertise, security, and overall efficiency. While outsourcing might offer short-term cost savings, the long-term benefits of insourcing can outweigh those savings by providing tailored support, greater adaptability, and stronger alignment with the organization’s goals. Careful consideration of the organization’s unique needs and circumstances is essential when deciding to insource the help desk function. 

Need Help? 

If you would like to work with an expert who can help you evaluate your organization’s practices, policies, procedures, and even technologies around the Help Desk function as a part of building your culture of cybersecurity, reach out to us anytime. We’re here to help!

The post Creating a Culture of Cybersecurity Part I: The 8 Benefits of Insourcing Your IT Help Desk appeared first on CISO Global.

*** This is a Security Bloggers Network syndicated blog from CISO Global authored by CISO Global. Read the original post at: https://www.ciso.inc/blog-posts/8-benefits-of-insourcing-your-it-help-desk/