Data Loss Prevention Guide for Intercom
Secure your Intercom data with best practices, learn security concerns, encryption, audits, and two-factor authentication to protect customer information.
Intercom is a centralized hub for businesses to streamline customer communication across various channels such as chat, messaging, email, and support ticketing. It facilitates seamless interactions by providing support, collecting feedback, and fostering stronger relationships.
During these interactions, Intercom captures critical customer details such as names, email addresses, phone numbers, and other pertinent information shared in conversations. Intercom maintains a comprehensive record of all interactions, including chat logs, support tickets, and email exchanges, to provide valuable context for future engagements. Additionally, it allows team members to store internal notes and communicate about specific customers or issues based on individual settings.
However, storing and handling sensitive information necessitates robust security protocols to prevent data breaches that could have far-reaching consequences for trust, reputation, and financial standing.
This comprehensive handling of sensitive information naturally foregrounds a crucial inquiry for companies leveraging this platform: Just how secure is Intercom when it comes to protecting your business and customer data?
Here are some key security measures implemented in Intercom by default:
Hosting: Intercom uses Amazon Web Services in the USA for hosting, which is known for its strict security and compliance standards.
Automated deployment: Intercom uses automated systems to ensure secure and efficient deployment of changes to both the application and operating platform. With dozens of deployments per day, security fixes can be quickly rolled out when needed.
Data encryption: Intercom enforces data security by encrypting all data during transit. The API and application endpoints use TLS/SSL exclusively, meeting an "A+" rating on SSL Labs' tests. This includes strong cipher suites and features like HSTS and Perfect Forward Secrecy, which are enabled for added protection.
Third-party audits: Intercom regularly engages with trusted third-party auditors to review its codebase and infrastructure and address any potential issues that may arise.
Infrastructure management: Intercom uses Terraform to maintain infrastructure and additional technologies like Graylog, AWS CloudTrail, and PantherLabs. This ensures a comprehensive audit trail for both the infrastructure and application.
Two-factor authentication: 2FA is implemented whenever feasible, with vendors mandated to enforce it on all accounts. While shared accounts are not recommended, tools such as 1Password are employed for secure login management when necessary.
Corporate network security: The corporate network is structured without any backdoors to production systems, following a zero-trust model for enhanced security
Incident response: An incident response plan is documented, and all employees are trained on security protocols and policies.
Penetration testing: Specialized security partners carry out External penetration tests twice a year.
Code review and testing: Any changes to the Intercom codebase undergo peer review and automatic testing through the CI/CD process to catch any regressions or security flaws using static analysis. They also manage a public bug bounty program with Bugcrowd to identify and resolve any potential security issues.
Intercom utilizes a shared responsibility model, where physical and network security at their data centers is managed by cloud providers like Amazon Web Services (AWS). While this partnership leverages AWS's robust security frameworks, it also presents potential vulnerabilities, particularly if the cloud provider itself is compromised. This situation could impact the security of Intercom users, despite the protective measures in place. Additionally, the reliance on a single cloud platform can pose challenges in data mobility, complicating the process for users wishing to migrate to another platform in emergency situations.
Connecting Intercom to other applications enhances functionality, but also introduces security vulnerabilities. Flaws in these external platforms can lead to unauthorized access to Intercom data. Improperly configured integrations may inadvertently expose sensitive information or functionalities, heightening the risk of data breaches or leaks.
Accidental exposure may occur due to human error, as sensitive information can be leaked through insecure conversations or file uploads. Disgruntled employees with access to Intercom could also pose an insider threat by intentionally misusing or stealing data. Privilege creep—where users accumulate access rights beyond their needs—may occur over time if user roles and permissions are not regularly reviewed and adjusted.
Intercom's feature of storing data in designated geographic locations may not always meet a company's legal or regulatory obligations, which can pose challenges for businesses that must adhere to strict data residency laws. Businesses should understand and manage the duration of customer data retention, especially for compliance with regulations such as GDPR that dictate specific policies for retaining data.
Incorporate advanced security features such as encryption enhancements and network security configurations to ensure all data is secure at rest and in transit. Use strong encryption standards for all data and implement advanced methods like elliptic curve cryptography (ECC) for stronger data protection during transit. Regularly update encryption protocols for data at rest to prevent unauthorized access. Also, data loss prevention (DLP) solutions should be employed to prevent accidental sharing or leakage of sensitive information.
Hackers often exploit the "human element" by manipulating individuals to gain access rather than exploiting code vulnerabilities. To safeguard your workspace, it's crucial to strengthen your access model, minimizing human error that could lead to security breaches. Avoid reusing passwords and sharing credentials. Implement robust login measures such as 2FA, SSO, or SAML in your Intercom workspace to prevent unauthorized access, protect customer conversations, and preserve your brand's integrity.
Implement stringent identity verification processes to enhance the security of user accounts and deter fraudulent activity. All individuals, whether visitors or registered members, are required to present a unique identity token before accessing the platform. This approach ensures that only verified users can enter your workspace, safeguarding against unauthorized access. Even without active users, activating identity verification preemptively shields your environment from potential threats. Visitors will remain unaffected as they are authenticated via a unique cookie in their browser.
Improve your enterprise security measures by integrating Intercom into an SIEM system. This will centralize security event logging and analysis, making detecting and responding to potential threats easier. Make it a regular practice to review system logs for any suspicious activity or anomalies. Set up alerts for critical security events so we can quickly respond to any potential threats that may arise.
With permissions and roles, you have complete control over your teammates' actions. This feature allows you to limit privileged actions to a select few members in your workspace, following the "least privilege" approach. This means that each teammate will only have access to the tools necessary for their job, reducing the potential impact of any account takeover incidents.
Assigning roles doesn't mean you can let your guard down. It's always a good idea to regularly check your teammate's activity logs for any unusual activity. These logs serve as a way to monitor important changes like data deletion or export. If you have a large team, keep an eye on failed login attempts, new invitations, changes in settings, or even bulk data exports. These insights can help detect suspicious behavior and protect against the potential threat of internal bad actors.
Consistently review your Intercom configurations and access controls to maintain stringent security. Conduct periodic security audits—quarterly or following significant changes to your setup—to evaluate access permissions, integration security, and potential vulnerabilities. Keep your Intercom system and any integrated applications updated with the latest security patches to prevent risks.
Additionally, develop a comprehensive incident response plan to effectively address and mitigate any security incidents. Educate your team on essential cybersecurity practices, including secure password management and phishing detection techniques. Implement strict password policies requiring strong, unique passwords for all team accounts, which should be updated regularly.
While it is important to follow the abovementioned best practices, there are still ways that sensitive data can be accessed. To address this issue, a data loss prevention (DLP) solution must be implemented in Intercom.
Strac Intercom DLP protects businesses by discovering (scanning), classifying, and remediating sensitive data such as SSNs, driver's licenses, credit cards, bank numbers, IP (confidential data), etc.
Schedule a demo with Strac today to protect your Intercom environment!