Watch out for people giving bad advice from your helpdesk

A good helpdesk is indispensable to the IT function of a large organisation. Whether it offers advice internally or faces the end client, it is often the face of the IS function to everybody except the board.

Which is why the quality of the advice on offer needs to be first rate. If someone doesn’t know the answer to a query, they need to admit as much and go and find out. Nobody minds someone needing to do some research.

Which is why a particular news event yesterday was eye-catching.

Change your default password

There was another security breach at TalkTalk. The company has suffered a great deal from these, probably because a vulnerability has been detected and the hackers are making hay until it’s closed. It’s not a tiny company and it is taking the issue seriously. This is not a piece bashing any individual organisation.

However, as news of the latest breach emerged yesterday, someone in the business did something very silly. They told the BBC that there was probably no need for customers to change their default password on their routers, but they could do so if they wished.

Seriously, change your default password

To her credit, she also referred journalists to a security expert, who rightly contradicted her advice. As luck would have it, I was taking part in a media training session for security experts when the news broke, and you could almost hear the sound of their jaws hitting the floor when they heard the poor advice.

The incident highlights two points that every organisation needs to address, particularly when something involves a security breach. First, everybody speaking outside the organisation needs to be briefed on the basics. Failure to change the default security settings is a cardinal error, as many celebrities will confirm following the phone hacking scandal a few years ago. Defaults are too easy to guess and criminals can and will take advantage of this.

There is no point in blaming the operative who gave the advice to the BBC. It is not her fault that she had no briefing after so many major security incidents in recent years.

The second, related point is that no matter what the provocation and how difficult the circumstances, companies and public sector bodies need a consistent line when talking to outsiders. The one thing that could have made this security breach worse for TalkTalk would have been the impression of internal disagreements – and the contradictory advice on offer gave precisely that impression.

It might be a good time to check on your own procedures around what to do if something goes wrong – and how it’s communicated outside.

New Statesman Tech would like to make it clear that the illustration, from Getty Images, is intended as a random picture of a helpdesk – there is no suggestion that the individual in the picture is in any way connected with any poor advice!