Whatever compliance rules your business is required to follow—PCI, FINRA, HIPAA, the Gramm-Leach-Bliley Act—it needs compliant help desk workers who understand your specific needs. What’s alarming is that most help desks don’t understand compliance regulations. In fact, nearly 83% don’t have specific policies and procedures in place to make sure their people are compliant (let alone making sure your users comply with security policies!).
What are the consequences if your IT help desk is non-compliant?
Non-compliance with data security policies leads to one fate—costs. Those costs come in many forms, starting with direct penalties that rack up from $5,000 to well over $50,000 in fines. That’s not to mention additional losses from lost business (customers will lose trust in your brand!) and employees who don’t want to risk personal identity theft.
On average, businesses with 100 users can lose over $190,000 from not being compliant (the equivalent of at least 3 full-time help desk workers!). Is that something you want to befall your organization?
So, what does your IT help desk need in order to comply with regulations?
- Know the data you are storing on clients, customers and employees—whatever data your business stores (credit card information, patient information or employee records), your help desk should understand what data is associated with sensitive information. If one of your users calls in and requests access to protected data, or even if they need help with something remotely related to your business data, your help desk should know which databases contain protected information and should be equipped with a process for dealing with sensitive data.
- Know specific rules on data preservation—even if your help desk workers are not the folks directly curating your business data, they should fundamentally understand how your data should be preserved: when backups need to occur, how information can be transferred (can you email everything?) and who should have access to it. If your help desk doesn’t go out of its way to understand where and how your data is being stored, who has access to it and how specific data types can move within your office, it may be opening the door to data leaks and hacks.
- Know how to dispose of data—when your business destroys data, are there still lingering pieces because your help desk screwed up? Very often, help desk technicians, who normally work on basic user issues unrelated to data disposal, lack training on how to appropriately dispose of data. If a help desk technician is asked to do something outside their routine help desk responsibilities, do you want them not to understand how to properly dispose of information or how to comply with your regulatory standards?
- Understand firewall and malware monitoring requirements—businesses need to comply with security standards (frankly, if you’re a business with clients, no matter how large or small, then believe it or not, you likely have regulatory standards). Regardless of who is regulating your industry, you need firewall and malware monitoring to be a part of your routine. Shouldn’t your help desk understand your monitoring requirements to help you keep your staff and business safe?
- Know how to restrict access to information—security compliance standards ALL have an access restriction requirement because those with access to sensitive information need to have fulfilled annual compliance training. IT help desks need to understand who in your organization has access to sensitive data in order to ensure your business stays within compliance guidelines (and that your business isn’t riddled with hefty fines from non-compliance!).
- Understand policies and have proven competencies with security training—members of your staff likely need annual compliance training to ensure your business is sticking with regulations (that have changed in recent years!). Shouldn’t you expect your IT help desk to comply with the data security rules your staff needs to understand?
To have a team that is not only compliant but also in line with your specific objectives, you need a help desk that understands your business and is looking out for solutions to make it safe, secure and profitable. Are you sure your IT help desk is making your security and your compliance their priority? Are you sure they are handling calls securely? Contact us TODAY for a FREE help desk health assessment!