Best Practices for Securing Your Intercom Workspace

When running an online business, you need to be very aware of the wide variety of threats you face, your vulnerabilities, and how to protect yourself against these risks.

This is basically your "threat model". What assets do you have and who wants them? If you are online, so is your data and that of your customers, which must be protected. Beyond that, your customers need to trust you with this data. No matter the size of your business, there are countless vulnerabilities and threat actors that could expose this data. If customer trust is lost, it can be very difficult to win them back.

How do you keep your business secure while building and maintaining customer trust? We are extremely conscious of our own security - and this extends to our obligation to provide a safe and secure tool for our customers.

In this article, we'll talk about the best way to secure your Intercom workspace and keep that data safe. We will cover:

The importance of having strong teammate authentication for your workspace. How you should prevent identity theft and chat theft in your Messenger. How to implement "least privilege" with roles and permissions. How to see suspicious activity in your workspace and how to add a security contact for important security-related communications. Secure your teammates' logins with 2FA, SSO or SAML

Research shows that 82% of breaches last year were due to what is known as the "human element", i.e. hackers gain access to it by tricking people rather than finding weaknesses in the code. Therefore, securing access to your workspace is the most important area you need to focus on.

By strengthening the access model to your workspace, you reduce the chances of the human element playing a role in security issues. Have your credentials been breached? Do you reuse passwords? Do any of your teammates?

"Attackers could talk directly to your customers, damage your reputation, or send spam under your brand"

If someone accesses your workspace and conversations with your customers, it may create privacy issues under applicable legislation, such as GDPR. Attackers could talk directly to your customers, damage your reputation, or send spam under your brand.

Although Intercom supports simple login and password, we highly recommend adding additional layers of security to it, either through two-factor authentication, Google SSO or SAML, if you are a Enterprise customer. This makes it all the more difficult for someone who compromises one login to gain access to your entire workspace.

Key takeaway: Make your connection more secure in Settings.

Secure your user conversations with identity verification

If you use Intercom, you're probably using our world-class Messenger to chat with your website visitors and logged-in users.

But if you have a conversation with your user Bob, how can you be sure it's really Bob and not an impersonator? What if someone just says he's Bob but he's not really him? This is where identity verification comes in.

"We strongly recommend that you enable identity verification to prevent identity theft"

It doesn't matter if you use Intercom for visitors or users or both, we strongly recommend that you enable identity verification. Identity verification allows you to send us a unique identity token for each of your users, which means you are able to know for sure which Bob is the real Bob.

Even if you don't have any users on your workspace, we still recommend that you apply identity verification as it will prevent any malicious creation of users in your workspace. Enabling it will have no impact on your website visitors, as anyone who initiates a conversation will be identified by a unique cookie in their browser. Additionally, you must also enable identity verification for your iOS and/or Android apps.