Zendesk offers a robust platform for managing customer support, however ensuring its security requires a proactive approach. By following these top security tips and fostering security awareness within your organization, you can significantly reduce the risk of data breaches and protect your sensitive information. Security is an ongoing process, and regular monitoring and updates are essential to maintaining a safe and secure Zendesk environment for your business and customers.
This article will cover the following 10 steps:
- Strong Password Policies
- Two-factor authentication (2FA)
- Single Sign-On (SSO)
- Access Control
- Data Encryption
- Employee Awareness & Training
- Incident Response Plan
- Regular Audits and Monitoring
- Third-Party App Review
1. Strong Password Policies 🔐
The first key step to secure your Zendesk account is enforcing a robust password policy. Promote complex passwords with a mix of upper and lower-case letters, numbers, and special characters. Regularly prompt users to update and keep their Zendesk passwords unique.
We recommend setting your Zendesk Password security level to High in order to achieve this.
- For more information on password security see: Setting the password security level
2. Two-Factor Authentication (2FA)📱
Two-factor authentication is a simple but effective way to add an extra layer of security to your Zendesk account. By enabling 2FA, even if someone obtains a user's password, they won't be able to access the account without the secondary verification method, such as a one-time code from a mobile app or SMS.
- For more information on how to configure 2-factor Authentication in your account follow the guide here: Using two-factor authentication
3. Single Sign-On (SSO) 🪪
Single Sign-On (SSO). SSO allows users to access Zendesk and other applications with a single set of credentials, enhancing security and user convenience. With SSO, you can enforce centralized authentication and access control policies, reducing the risk of unauthorized access and simplifying user management. Ensure that your SSO setup is configured securely and that it integrates seamlessly with Zendesk to provide an additional layer of protection for your helpdesk environment.
- For more information on Single Sign-On check the guides here:
4. Access Control 👥
Implement strict access control measures to ensure that only authorized personnel can access sensitive data within Zendesk. Utilize Zendesk's roles and permissions feature to grant users only the necessary level of access for their roles. Regularly review and update these permissions to reflect any changes in personnel or responsibilities.
You can also look to utilise Private Groups (Enterprise plan only) to secure sensitive information away from other agents on your Zendesk.
- For more information on access control check the guides here:
5. Data Encryption 💽
Zendesk employs encryption to protect data in transit and at rest. However, it's essential to ensure that your organization also uses secure connections (HTTPS) when accessing Zendesk and encrypts any attachments or documents containing sensitive information.
You can also look to purchase the Advanced Data Privacy and Protection add-on for your Zendesk as well. Zendesk Advanced Data Privacy and Protection (ADPP) is a set of features that expand on security offerings already built into Zendesk Suite. It’s available as an add-on for Suite Enterprise plans.
- For more information please see the guide: Buying the Advanced Data Privacy and Protection add-on
6. Employee Awareness & Training 📣
Security awareness should extend beyond just your IT department. All employees who use Zendesk should be educated about the importance of maintaining secure practices. Offer training and awareness programs to teach users about phishing attacks, social engineering, and other security threats.
7. Incident Response Plan 🚨
Prepare for the worst by having a well-defined incident response plan in place. In the event of a security breach or incident, your team should know how to respond, mitigate the damage, and communicate with stakeholders effectively. Test your incident response plan regularly to ensure it remains effective.
- For more information please see:
8. Regular Audits and Monitoring 🔍
Implement a robust auditing and monitoring system to keep an eye on Zendesk activities. This helps you detect any suspicious or unauthorized activities promptly. Regularly review logs, access reports, and other data to maintain a secure environment.
You can utilise the Audit log either via the Admin Centre or the API to review Zendesk logs.
- For more information please see:
9. Third-Party App Review 🕵️
If you use third-party integrations or applications with Zendesk, ensure that they follow secure practices. Review and verify the security measures taken by these applications to protect your data. Only integrate trusted and secure tools with your Zendesk instance.
10. Multi-Channel Security 🛡️
Consider the security of other communication channels that may be integrated with Zendesk, such as email, chat, or social media. Ensure that these channels also adhere to robust security practices and policies.