Are Chat Services Helping or Hurting Your IT Security?

Are Chat Services Helping or Hurting Your IT Security?

Chat services security is a hot topic today because these services have become so popular. For example, Slack has over 12 million active users. In terms of website chat services, Intercom alone is active on more than 76,000 websites. These chat services make it easy to ask a question and get an answer. However, that ease of use can cause security problems. Let’s find out how.

Chat Services Security: What Are The Risks?

Depending on your technology stack and security processes, there are different types of security threats. Rather than analyzing multiple platforms, consider these two threats, which are familiar to most of these platforms. First, end-user behavior creates security challenges. If a customer provides personal data (e.g. date of birth, phone number, etc.), then you need to protect that data. Also, some users may ask detailed account-related information (e.g. passwords, account numbers, account status). As a result, your chat service logs may be filled with sensitive data. If you fail to protect this data adequately, you will run into problems with governments (e.g. CCPA in California and GDPR in Europe) and disappointed customers.

You can mitigate these security threats in several ways starting with prompts and training. Add a warning to your public-facing chat service explaining what you will not ask for (e.g. “we will never ask for your password”). Next, provide training to your customer service agents on how and when to request sensitive data. Whenever possible, encourage them to ask for the minimum amount of confidential data needed to complete the request.

You also need to look at the technology and security processes in the organization. If you have robust processes for security, your chat services will benefit from that protection. Likewise, weak password habits and access management means that sensitive data provided through chat services will be at risk. Once again, training is an excellent first step. Start by offering so that they avoid password reuse disease. After that is in place, make sure you remove inactive user accounts from your customer service department. Pruning away user accounts that are no longer needed is one of the easiest ways to improve security.

It’s Not All Bad News: Chat Services Can Improve Your Security!

So far, you’ve seen the different ways chat services may undermine security. That’s just one side of the coin. If you use the right technology, you can harness the convenience of chat tools to improve security. For example, installing Apollo, an IT security chatbot, makes security much more convenient. For example, if an employee needs to reset a password late at night, they can message Apollo and get their password reset. At the same, all of your IT security compliance requirements are followed and logged.

When you make security more convenient for your end-users, your security will immediately become easier. You will have better success asking users to use long complex passwords. Your users will know that they can quickly get a password reset in seconds through Apollo if they ever need it. Your IT help desk will also thank you because they will have more time to work on complex problems.

Historically, convenience and IT security have been enemies. When you use Apollo, you can change that story. Making security more convenient for users will also make the IT security department look good. Instead of placing roadblocks in user productivity, you will make security more accessible for your users to access.

Which Chat Services Can You Use To Improve IT Security?

The less software you need to install, the better! That’s why Apollo is built to integrate into the chat and collaboration tools you already have. If your organization uses SMS messaging, Microsoft teams, Slack, Skype, Kik or Telegram, you can use Apollo to simplify your security. Password resets are one of the most popular ways to use Apollo, but it’s not the only way.

Let’s say you have hired a new customer service representative for your company. That person needs additional access permissions to do their job. Your new hire can send a quick text message to Apollo to request access or use Skype. Moments later, you will receive the access request as the manager. The whole process takes just a few minutes.

Worried About Using Chat Services For Security Administration?

Since chat services are a relatively new technology, you might have to address some skepticism from your peers. After all, they may be used to calling IT when they need security help. That’s a known process, and they see no need to change it. It’s a legitimate concern, so let’s take a moment to address it now.

Evaluate The Chat Service For Technical Compatibility

Before considering security, examine how the chat service can improve safety. For example, if your organization runs on Microsoft products, integration with Skype and Microsoft Teams will be critical. Now that you have cleared that hurdle, let’s look at the user experience.

Evaluate The Chat Service For User Experience

When you make IT security tasks easy for employees, they are more likely to play by the rules. As part of your testing process, invite two to three business users outside of IT to use the chat service. Are they able to request a password or system access? Pay careful attention to their feedback.

Check IT Security Protections

Last but certainly not least, check the chat services security safeguards. For example, check whether the product integrates with your multi-factor authentication (MFA) providers. Next, check how quickly IT security changes are implemented. Speed of service matters when you use a chat service. Time how long it takes to submit two common requests (e.g. new user account and a password reset).

The Bottom Line About Chat Services and Security

Chat services are here to stay and will only grow in popularity. For customer-facing chat services, treat them like any other tool. That means providing training to your staff and applying security controls to protect the data contained in them. Securing public-facing chat services is the least you should be doing. To fully harness the power of chat for security, install a security-oriented chat service your employees can use.

Written by Nelson Cicchitto