The IT help desk. Others in the company may consider it the bastion of IT support, but the IT help desk may not always be a beacon of sound IT practices. Given the access and credentials that IT professionals typically need to assist with technical issues, they make a perfect target for hackers seeking to steal company information.

But there are steps organizations can take to prevent their help desk from becoming a one-way ticket to a major data breach. Bomgar’s Joe Schorr recently published an article in Cyber Security Trend with his tips on securing the department and making it a security leader for others in the organization. Here are a few key steps you can take:

Do as I say… and as I do

As an IT professional, it can be tempting to work around security protocols, forgoing them in the name of haste and productivity. But Schorr encourages help desk workers to follow best security practices—not only due to the high-stakes nature of their job, but to foster a diligent, security-focused culture at the business.

Password policies

We’ve all seen it. A coworker who writes their numerous passwords down on sticky notes, or worse yet, in a plain text document neatly placed on their computer’s desktop. This is a surefire way to invite infiltration of your network, Schorr says. “Even in 2016, many workers still store credentials and passwords on sticky notes or in spreadsheets. This includes help desk professionals who often require lists of logins for a wide range of systems and share admin-level credentials with other IT personnel.”

Void the VPN

Many IT departments still rely on the VPN as a secure link for remote employees and vendors. Unfortunately, as Schorr notes in his piece, the VPN is not secure, as many think. Instead, they’ve become more of a liability than anything. “As the security landscape has evolved, basic VPNs that provide unfettered tunnels to networks have become a common target for attackers to gain a foothold into secure networks,” Schorr writes. Schorr notes that IT departments should look to implement access and support tools that allow full control, monitoring, and recording capabilities, keeping connections clean.

Because the help desk holds privileged credentials, it will always be a prime target of hackers. But Schorr is confident that IT pros can take steps to mitigate against security threats to the help desk with a commitment to fundamental security practices and the right tools. Want more information about IT security topics? Check out our webcasts!