- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2023 06:04 AM
Hi SNOW community,
We are in the process of migrating to SNOW portal. In between this we came across a scenario to ascertain ways to secure our inbound call center. Meaning if an external caller directly calls to the IT helpdesk - what are the ways to confirm his/her identity over phone call. Currently most of the call centers ask for first/last name etc. but it somehow leads to a possibility that an hacker can impersonate the actual employee and might end up performing unwanted activities within the organization or even an attack for that matter.
I know SNOW as an application/web service does have security controls once the user is logged in but if it is via call, does SNOW have any possible security feature like - service codes (refer Netflix account security etc)
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-11-2023 10:07 AM
This answer is not completely mine but I checked with friends,
use MFA
use some apps which can be OTP way and ask users to submit that during call.
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]
****************************************************************************************************************
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-11-2023 01:07 AM
1st point, it is not SNOW .. it is SN or ServiceNow or NOW.
You mean, you need some kind of encryption?
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]
****************************************************************************************************************
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-11-2023 07:20 AM
Hi,
Thanks for correcting the solution acronym. However, I intend to understand if there is a way to confirm users' identity or perform validation checks when helpdesk center receives call from them for any issue. Currently one simply asks for first/last name followed by employee id - but thereby increases the risk of an attacker impersonating an employee and conducting various action items like changing password request etc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-11-2023 08:37 AM
Add some security questions if possible. Also this need to discuss with client /customer as well. What policies they have for other tools.
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]
****************************************************************************************************************
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-11-2023 08:44 AM
I agree this could be one of the many ways but information like emails, or security questions to validate that they were talking to the right person comes under knowledge factors. And the problem is that these are all pieces of information about a person that are relatively easy to find or buy. Thereby, bringing me back to the original request. Do we have anything like dual/Mutual factor authentication that generates real time service codes at both Helpdesk and user end to validate the authenticity of a user over call.