For the past few months, we’ve been working to transition as many customers as possible to raising service requests through our online service desk portal, rather than by phone or email.

With access to our portal through Teams, it gives users visibility of the tickets they raise, with company admins having improved visibility of all tickets. The portal also removes the need for email ticket logging, although phone access is still supported by our helpdesk team.

However, this is not just a service improvement. Following the guidance from The National Cyber Security Centre, the government agency responsible for cyber security, our portal ensures enhanced security for both our customers, their teams and also for ourselves.

Here’s why email and phone-based IT helpdesks can increase cyber risk – and how our secure IT helpdesk portal improves visibility, control and protection.

A secure IT helpdesk: why this matters

Last year, news publications frequently reported on the hacking of major high street names, with the most infamous being M&S.

These attacks became so frequent that The National Cyber Security Centre issued an official warning, explaining that criminals were launching cyber attacks at brands by impersonating IT helpdesks. They explained that criminals use social engineering techniques to get people to trust them when they email, text or call pretending to be from a company’s IT help desk – ultimately tricking employees into handing over their log in passwords and security codes – but that this also worked the other way round, with criminals calling people who work on IT helpdesks, pretending to be an employee locked out of their account.

As part of this advice, The National Cyber Security Centre issued guidance to organisations, highlighting the need for secure IT helpdesk procedures so that they can reduce their chances of a experiencing a similar attack, saying: “We believe by following best practice, all companies and organisations can minimise the chances of falling victim to actors like this.”

It also said firms should reassess how their IT helpdesk “authenticates staff members” before resetting passwords, especially senior employees with access to high-level parts of an IT network.

Geoff Wing, Arc’s CRO, said: “Cyber criminals are increasingly targeting traditional communication channels such as email and phone to infiltrate organisations, impersonate users, and gain unauthorised access to systems. Some of the most high profile cyber incidents in recent years have been executed through precisely these methods. We will not expose our customers, or ourselves, to unnecessary risk when a safer and more robust alternative already exists.

“Our portal provides customers with a low friction, fast, and intuitive way to log requests, while enabling faster allocation, improved visibility, and quicker resolution from our side. More importantly, it allows us to significantly strengthen security around end user requests, which is no longer negotiable in today’s threat landscape. This is not a future ambition: it is a priority now.”

Additional benefits

The adoption of the service desk portal as the primary channel for support is a service and security improvement, not an administrative change. As well as logging incident tickets, users can also create new starter/leaver requests, with the ability for company admins to set up different tiers for levels of sign off.

Matt Westney, COO at Arc, said: “This is a key step into driving automation within our service desk, with the end goal being to fully transition away from email logging. This isn’t just about preference, it’s about security, accountability, and service quality. Alongside enhanced security and service quality, company admins also gain access to a dashboard where they receive improved visibility of tickets, alongside improved stats and reporting.”

Want to work with an MSP who takes security as seriously as you do? Get in touch with our team here.