Protect Your Omnichannel Account from Malicious Activity: Strengthen Security with 2FA

  • Updated

When sensitive data, such as account passwords, is exposed, it poses a significant risk to your system’s security and can lead to severe breaches. If you've noticed suspicious activity, like unauthorized messages being sent to customers, unrecognized templates created, or unexpected WhatsApp broadcasts, it's essential to act swiftly. Here's a step-by-step guide on how to respond to a password leak or malicious activity:

 

Immediate Actions

1. Reset All Omnichannel Passwords

The first step is to reset all passwords related to your Omnichannel system, including Admin, Agent, and Supervisor credentials. If your Secret Key also has been exposed, you’ll need to manually request a reset from Contact support to ensure your system remains secure. Be aware that when the Secret Key is updated, any API usage or custom integrations relying on it must be updated to avoid service disruption.

 

2. Reinstall Admin Devices

Reinstall all devices used by Admin, Agent, or Supervisor to ensure they are free from malware or malicious software such as keyloggers, which may have contributed to the data leak. This step will help secure the environment and prevent further breaches.

 

Preventive Measures

1. Enable Two-Factor Authentication (2FA)

Strengthen your account security by enabling two-factor authentication (2FA). This adds an extra layer of protection, requiring a verification code in addition to your password for login. Even if unauthorized individuals obtain your credentials, they won't be able to access your Omnichannel dashboard without the 2FA code. You can refer to this guide to set up 2FA in Qiscus Omnichannel.

   

If Two-factor Authentication is ENABLED, the payload for the authentication_token in the (/api/v1/auth) will be return null. You can use Secret Key instead for API implementation.

  1. Go to the Admin Setting menu page on the sidebar.
  1. On the chat session click General and select Two-factor Authentication. Click the toggle button, the default is disabled.
  1. Before it, prepare your Authenticator Apps such as Google Authenticator Apps, or another similiar app.
  2. Fill in your Omnichannel password, then click Continue.
  1. For the first time, when you want to enable this feature, The QR code and Set-up Key will be displayed. This QR code or Set-up Key functions to connect to the Authenticator Apps by scanning it.
  1. After you scan it on the Authenticator Apps, you will get the Security Code. Enter the Security Code, then click Enable.
  1. You have successfully enabled the 2FA feature. And this feature is already set to Supervisor or Agent.

For Agents and Supervisors, once 2FA is enabled by the Admin, they will be required to set up 2FA during their next login.

 

2. Enhanced Monitoring by Qiscus

Qiscus has increased monitoring capabilities to detect suspicious templates and activities, helping to prevent similar incidents from occurring in the future.

3. Consider Using Network Whitelisting Features

Implementing network whitelisting allows access to your Omnichannel account only through specific networks (such as a Private VPN), adding another layer of security against unauthorized access.

 

 

By taking these actions, you can minimize the impact of malicious activity and ensure stronger security for your Omnichannel system going forward. Contact support if you need more help.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.