The live chat software security shadow


Scandals, breaches, fear: the latest press for live chat software has been troubling. Cybercrime is on the rise, and at the beginning of this month some live chat services felt the sting.

Live chat software has fast become a necessity for businesses, with demand for online service driving a 7.3 per cent compound annual growth rate for chat. Unfortunately, this surge in live chat adoption has been eyed – and exploited – by cybercriminals.

Recent security scandals have left a blight on the live chat landscape, causing a chain of headaches for chat vendors, their customers, and their customers in turn. So, how can brands protect themselves from cybercriminals when implementing chat? Howard Williams, marketing director at secure live chat specialist Parker Software, investigates.

Recent scandals

There’s been no shortage of scandal in the live chat industry already this month. In the first week of April 2018, serious data breaches related to major live chat vendors were revealed.

It was reported last week that Sears, Delta Airlines, Kmart and BestBuy were affected by a malware attack found in [24]7.ai’s live chat widget. The attack, which saw the leak of card information such as names, card numbers, CVV codes and expiry dates, started on September 26 and was discovered by [24]7.ai on October 12 last year. Although a fix was implemented immediately, the damaged customer trust will be harder to repair.

Last week also saw the revelation that two large live chat vendors have been leaking employee details from high profile companies. Armed with this private employee information, cybercriminals have what they need to perform social engineering attacks against the company. Not only could they impersonate employees, they could easily gain access to the internal networks of the victimised companies.

Is it secret, is it safe?

These scandals have cast a shadow on live chat security. For companies, the risks of deploying a chat channel have been spotlighted like never before. Chat is not a simple download-and-deploy matter, and trusting a large vendor won’t necessarily safeguard you from cyberattack.

For consumers, the breaches have raised new concerns about sharing personal information through a chat channel. The scandal could scarcely have come at a worse time, with consumers increasingly data-savvy amid Facebook controversy and pending GDPR changes.

So, is live chat software safe to use? Will it weather the post-scandal storm and remain a rising customer service channel? The answer to both is ‘yes’, but that yes is conditional.

A critical data touchpoint

Finding the right SaaS solution for your business is often overwhelming. Companies must employ caution and consideration when partnering with technology vendors – particularly when the technology involves any level of customer data handling.

Unfortunately, the sheer quantity of customer data that passes through a live chat service is easily overlooked. As chat has exploded in popularity, more and more solutions have saturated the market. Since many of these solutions are simplistic in nature and take a matter of minutes to deploy, it can be easy to forget the volume of data that chat software acts as a gateway to.

A live chat channel is a critical data touchpoint: not just a quick-fire communication option. So, it should be approached from a stringent security angle.

What to look for in a secure live chat vendor

A secure chat channel will have features and methods for you to use to defend against unauthorised access to data.

Firstly, look for a live chat solution offering encryption. Encryption makes your chat data unreadable without a code known as a ‘key’ to decrypt the information. Because only select users have the key needed to decrypt the data, the risk of unauthorised access is reduced.

Secondly, ensure that the vendor establishes secure chat connections. Look for connections that are secured over an initial 2048-bit RSA exchange followed by an exchange of, at minimum, a 128-bit session key. You should also enquire about whether these connections use a trusted public certificate authority, and whether they are filtered by firewalls.
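The connection criteria above can be checked against a vendor's chat endpoint rather than taken on trust. The following is an added example, not code from the article or from Parker Software; `evaluate`, `probe` and the sample values are hypothetical names, and `probe` assumes the third-party `cryptography` package is installed.

```python
import socket
import ssl

MIN_RSA_BITS = 2048      # the article's bar for the RSA key
MIN_SESSION_BITS = 128   # the article's minimum session key size
UNTRUSTED = "certificate failed verification against the system CA store"


def evaluate(key_type, key_bits, cipher, ca_trusted):
    """Return findings for one connection; an empty list means it meets the bar.

    cipher is the (name, protocol, secret_bits) tuple from SSLSocket.cipher().
    """
    name, _protocol, secret_bits = cipher
    findings = []
    if not ca_trusted:
        findings.append(UNTRUSTED)
    if key_type == "RSA" and key_bits < MIN_RSA_BITS:
        findings.append(f"RSA key is {key_bits} bits, below {MIN_RSA_BITS}")
    if secret_bits < MIN_SESSION_BITS:
        findings.append(f"{name}: {secret_bits}-bit session key, below {MIN_SESSION_BITS}")
    return findings


def probe(host, port=443, timeout=5.0):
    """Check a live endpoint. Needs network access and the third-party
    'cryptography' package (assumed installed) to read the key size."""
    from cryptography import x509
    from cryptography.hazmat.primitives.asymmetric import rsa

    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                cipher = tls.cipher()
    except ssl.SSLCertVerificationError:
        return [UNTRUSTED]
    key = x509.load_der_x509_certificate(der).public_key()
    key_type = "RSA" if isinstance(key, rsa.RSAPublicKey) else type(key).__name__
    return evaluate(key_type, getattr(key, "key_size", 0), cipher, True)


# Constructed observations for illustration, not captured from any vendor.
SAMPLES = {
    "meets_bar": ("RSA", 2048, ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128), True),
    "falls_short": ("RSA", 1024, ("DES-CBC-SHA", "TLSv1", 56), False),
}

if __name__ == "__main__":
    for label, observation in SAMPLES.items():
        print(label, evaluate(*observation) or "OK")
```

The size check applies only to RSA certificates, since the article's threshold is stated for RSA; other key types are passed through without a size finding.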

Next, turn your attention to infrastructure. Where is your chat data hosted? For highly regulated companies, you might prefer to self-host your data on your own servers in an on-premises live chat installation. For companies preferring cloud hosting, ensure that the chat vendor is using a reputable data centre located in an EU-approved country.

A secure chat vendor will also have clear policies on the monitoring, storage and recovery of your data. So, thoroughly vet a vendor’s data procedures in your request for information (RFI) stage. Enquire about service level agreements, data retention policies and the company’s internal infrastructure. Overlooking details early on can lead to vulnerability later down the line.

Internal measures

Unfortunately, security threats don’t only come from outside. Breaches and leaks can often be directly attributed to user error or poor cybersecurity practices from employees.

To defend against this, a secure software vendor will recognise the need for security training, strong employee management, and support for your team too. Look for vendors that can offer security assistance, and check out their own security with regard to company hiring.

When it comes to the software itself, you should also be able to limit access rights internally. Look for solutions with user management features, with permissions broken down on both an administrator and standard user level. Being able to manage user access rights and set permission levels is a fundamental feature of a secure chat solution.

Look before you leap

Security is a process, not a product. People, processes, and physical security are all as important as security features in the product itself. In other words, to find a truly secure chat channel and protect yourself from cybercriminals, you need to find a chat vendor with strong security practices.

So, be sure to ask each potential vendor what security measures they have in place to protect your data. Read through their privacy policy. Look for information about what data they collect, how they store it securely, and what backup and recovery procedures they have in place.

Live chat software may be here to stay, but that doesn’t make it automatically infallible. Be sure you look before taking the live chat leap.

Howard Williams, marketing director, Parker Software