E R T N
P
X
E INIO
OP
found anywhere else on the Internet.
The reason – a simple search by the
employee and company name will
reveal their social media presence
and, if the pictures easily match,
you might as well use their full name
anyway. You will have done very little
to mask their identity and provide
protection from a potential social
engineering attack at home or at work.
• Have a detailed manual in place that
clearly states what information the
employee can share and what he/
she absolutely cannot – under any
circumstances, irrespective of the
inquiry – during a chat conversation.
These guidelines will vary and can
include everything from license keys
to password resets. Your business
will have to establish this list based
on the services the chat box
provides and any local and industry
www.intelligentciso.com
|
Issue 18
Irrespective of
whether it’s a human
or machine, there
are some inherent
security risks in
chat-based services.
regulations governing data exposure,
particularly across country lines.
• Create a formal support and
escalation path for inquiries into
potentially sensitive information.
• Provide regular security training
for all chat box representatives so
that they know how to recognise
a potential attack, how to respond
to suspicious requests and how
to escalate a situation before it
becomes a security incident for
your organisation.
Let’s face it – when it comes to
improving customer service, the benefits
of chatbots and conversation marketing
are undeniable, which means they are
here to stay. But these tools do open up
another attack vector – cybercriminals
will always exploit the simplest way
to compromise an organisation and,
unfortunately, humans are often the
weakest link.
But by assessing the key questions and
implementing these best practices, you
can enable a chat service that helps
support your business initiatives, without
opening up unnecessary risks. u
43