Chatbots are becoming ubiquitous in our lives. Many of us interact with them daily as an assistant in our homes. But many more of us communicate with them via the web, mobile applications, the telephone, text and other channels to gain access to both internal and external customer support. Indeed, 80% of companies plan to use some form of a chatbot by 2020.
The value and benefits of this technology are especially strong with more intelligent chatbots, often called Virtual Agents. These Virtual Agents leverage natural language processing and advanced machine learning to automate service delivery, answer our questions, provide resolution, and free up analysts and service reps to concentrate on more complex and compelling requests and projects.
Yet, as chatbots and Virtual Agents grow in popularity and use, some are concerned they could also become the next entry point for cyber criminals. And with the average cost of a data breach expected to exceed $150 million in 2020, no company can afford to be complacent. In certain vertical markets, such as health care, legal services and banking, the need for data privacy and protection is particularly critical.
However, there are a variety of important measures businesses and government agencies can take to ensure the security of chatbots and Virtual Agents in their organizations. What’s more, well-skilled intelligent chatbots can also be a powerful virtual ally and tool to improve a company’s security posture, processes and readiness. Organizations need to be sure they work with solution providers and integrators who understand the security requirements and opportunities of Virtual Agents.
Ensuring chatbot security
As any IT security professional can tell you, when a system is not maintained to superior standards, it becomes vulnerable to attack. Vulnerabilities and successful attacks can occur due to poor coding, insufficient protection, lack of user awareness or errors. While chatbots and Virtual Agents are relatively new, they are subject to these same facts of life. They can also benefit from the same security protocols and processes that have been used to protect other systems and applications.
Here are security measures that will help protect your users and data.
HTTPS is the standard web protocol for securing online communications. It facilitates secure communications by transferring data over Hypertext Transfer Protocol (HTTP) through a connection encrypted by Transport Layer Security (TLS) or Secure Sockets Layer (SSL). This protects privacy and integrity of data exchanged between parties.
End-to-end encryption is the most secure way to send and receive information online. Messages are encrypted by the sender, and only the communicating users can read them: only the recipient can retrieve the data and decrypt it.
Authentication, which comes in many flavors, is a powerful safeguard. Two-factor authentication asks users to provide two different forms of identification, most frequently a username and password. User identity authentication allows a device to verify the identity of the user connecting to a network. Biometric authentication is another valuable option that leverages inputs such as a retina scan or a fingerprint reader to provide access. Meanwhile, authentication timeouts limit how long a user can access the system under a single log-in.
Intent-level authorization allows interactions based on context to determine appropriate access to data. Privacy rules such as GDPR and HIPAA require strict adherence to information privacy.
Channel authorization allows organizations to restrict and provision access to different channels to ensure security. Securing an internal or private channel is easier than securing external or public channels such as WhatsApp or Facebook.
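The following sketch shows how authentication timeouts, intent-level authorization and channel authorization can be combined into one deny-by-default check that a chatbot runs before fulfilling a request. It is an added example, not code from any particular Virtual Agent product. The intent names, roles, channel names and the policy table are assumptions made up for illustration, and using the user's role as the context for intent-level authorization is likewise an assumption.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy table, constructed for this example. Per intent: the
# roles allowed to invoke it, the channels it may be served on, and the
# maximum age (seconds) of the user's last authentication (None = no login).
POLICY = {
    "office_hours": {"roles": {"anonymous", "employee"},
                     "channels": {"intranet_web", "public_messenger"},
                     "max_auth_age": None},
    "reset_password": {"roles": {"employee"},
                       "channels": {"intranet_web", "corp_mobile"},
                       "max_auth_age": 300},
    "view_payslip": {"roles": {"employee"},
                     "channels": {"intranet_web"},
                     "max_auth_age": 900},
}


@dataclass
class Session:
    user: str
    role: str
    channel: str
    authenticated_at: Optional[float]  # epoch seconds; None = not logged in


def authorize(session, intent, now=None):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    now = time.time() if now is None else now
    rule = POLICY.get(intent)
    if rule is None:
        return False, "unknown_intent"
    if session.channel not in rule["channels"]:   # channel authorization
        return False, "channel_not_allowed"
    if session.role not in rule["roles"]:         # intent-level authorization
        return False, "role_not_allowed"
    max_age = rule["max_auth_age"]
    if max_age is not None:                       # authentication timeout
        if session.authenticated_at is None:
            return False, "authentication_required"
        if now - session.authenticated_at > max_age:
            return False, "authentication_expired"
    return True, "ok"
```

Returning a reason code alongside the decision lets the bot prompt for re-authentication on an expired session while logging channel and role denials for review.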
The virtual agent security guard
Advanced chatbots can reduce the vulnerability of systems by funneling communications through highly secure protocols and by providing appropriate access to virtual agent knowledge and skills. They can play a significant role in hardening enterprise security by addressing a major weakness—your people. According to Osterman Research, users are typically the weakest link in the security chain—mostly due to lack of training and awareness and the inability to identify and deal with attacks. Virtual Agents can help address these issues by providing much-needed support to users and shielding them from these risks, making them immediately aware of potential vulnerabilities and reinforcing a culture of secure communications.
These intelligent chatbots, or Virtual Agents, can scale support to address large user populations to increase security awareness, communicate potential threats or scams, and support policies and practices with the right workflows, authentication and authorizations. For example, they will not fall for email phishing attacks, and they can alert employees to these attacks, dramatically speeding up IT staff in remedying malware infestations, or even react automatically to some security issues without human intervention.
Take, for example, a user whose device is the first in her company to be infected with a new malware. She emails, messages or calls her company’s Virtual Agent for support. The bot can then use its skills to gather pertinent information about the problem. It can then check its knowledge base for valuable information and forward the incident report to the support team along with a “what to do” article that is relevant to the problem. As more requests come in related to the same malware, the Virtual Agent becomes more intelligent in identifying the problem, the remedy, and the pattern of infection throughout the organization. Discovering infectious patterns enables the Virtual Agent to send out an alert to users about how to avoid infection. Acting as a single point of contact, a Virtual Agent can correlate problems much faster than relying on staff observations and consensus, stopping threats much sooner.
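The correlation step in this scenario can be as simple as counting distinct reporters of the same indicator inside a sliding time window. The sketch below is an added example, not taken from any Virtual Agent product. The report format, the indicator values, the one-hour window and the three-user threshold are all assumptions, and the sample reports are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample reports as a Virtual Agent might record them:
# (timestamp, reporting user, indicator). The indicator is a hypothetical
# normalized key, here the name of the attachment the user opened.
REPORTS = [
    ("2020-01-06T09:02", "alice", "invoice_q4.docm"),
    ("2020-01-06T09:10", "bob", "invoice_q4.docm"),
    ("2020-01-06T09:11", "bob", "invoice_q4.docm"),    # repeat from same user
    ("2020-01-06T09:40", "carol", "invoice_q4.docm"),
    ("2020-01-06T10:15", "dave", "slow_laptop"),
    ("2020-01-07T16:00", "erin", "invoice_q4.docm"),   # outside the window
]


def find_outbreaks(reports, window=timedelta(hours=1), min_users=3):
    """Return {indicator: sorted users} for each indicator reported by at
    least min_users distinct users within any span of length `window`."""
    by_indicator = defaultdict(list)
    for ts, user, indicator in reports:
        by_indicator[indicator].append((datetime.fromisoformat(ts), user))

    outbreaks = {}
    for indicator, events in by_indicator.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {user for _, user in events[start:end + 1]}
            # Count distinct users so one person's repeat reports
            # cannot trigger an alert on their own.
            if len(users) >= min_users:
                outbreaks.setdefault(indicator, set()).update(users)
    return {ind: sorted(users) for ind, users in outbreaks.items()}
```

With the sample data, the three reporters inside one hour are flagged as a pattern, while the single unrelated ticket and the next-day report are not.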
The good news is that, using security best practices and proactive planning, you can avert the types of malicious attacks described above. Virtual Agents can be the 24x7x365 guardian that acts as an interface to productive conversations and enhanced security. Consider digital labor the next line of defense and a critical part of your new security strategy.