Helpdesks are a focal point for password resets and new account creation, and many tickets contain confidential information. We end up firing around quite a lot of usernames and passwords through the helpdesk, which then go off to people's emails. Whilst we use our helpdesk on HTTPS and therefore securely, the email replies are unencrypted when transported over the internet and the written email content (usernames/passwords/data) remains sat in a customer's email Inbox… which with the current security-conscious climate of things isn't great (users accessing others' mailboxes, viruses that scan through your emails, the nature of emails being unencrypted when transported over the internet etc). Some data is OK to remain visible, but some data/replies (as above) you may want to ring-fence the availability and visibility of.

One possible route would be to have a “Mark as private” check box in the ticket reply box… (picture attached). When you check this box, the customer gets an email with a normal subject (the one the ticket is open on) but the body of the email says “you have been sent a private message through our helpdesk. To view the contents please follow this link https://helpdesk.com/private/KJHSAD88OIJDJ8D32D8J38DJ32D39KD This link will be available until 25th August 2014”

The link obviously sends them off to the HTTPS secure helpdesk. The KJHSAD88OIJDJ8D32D8J38DJ32D39KD is obviously a randomly generated code unique to each ticket reply marked as private (obviously, any future email replies to that ticket would need to omit this portion of the ticket in the history).

In the admin section of the helpdesk, there would be a setting that states that the private links only remain available to the internet for X days/hours, after which, if someone goes to the link, they are told the link has expired. Because the page is generated on the fly at the server, it could use local system time to define if the page is still allowed to be rendered or if the “link expired” message should be displayed. It would even be possible to limit the number of times the link would actually work too.

If the agent was viewing the ticket in the backend, I would be happy that they could see the reply they sent. I suppose it's up for debate if you would allow the user to see it if they logged into the helpdesk to view their tickets… but I don't see any harm, unless someone stole another user's email account and reset their helpdesk login.
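The expiring, view-limited private link described in the post above, sketched as an added example (it is not part of the original post or of any helpdesk product's code). The function names and the in-memory store are hypothetical, and keeping only a hash of the token server-side is an assumption added here.

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class PrivateReply:
    body: str
    expires_at: datetime
    views_left: int

# Hypothetical in-memory store standing in for the helpdesk database.
# Keyed by SHA-256 of the token, so a leaked table does not yield working links.
_STORE = {}

def _key(token):
    return hashlib.sha256(token.encode()).hexdigest()

def create_private_link(body, ttl, max_views, now=None):
    """Store a private reply and return the unguessable token for its URL."""
    now = now or datetime.now(timezone.utc)
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _STORE[_key(token)] = PrivateReply(body, now + ttl, max_views)
    return token

def redeem(token, now=None):
    """Return (status, body); the expiry decision is made on the server clock."""
    now = now or datetime.now(timezone.utc)
    entry = _STORE.get(_key(token))
    if entry is None:
        return ("not_found", None)
    if now >= entry.expires_at or entry.views_left <= 0:
        entry.body = ""  # drop the secret once the link is dead
        return ("expired", None)
    entry.views_left -= 1
    return ("ok", entry.body)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real ticket.
    sent = datetime(2014, 8, 18, tzinfo=timezone.utc)
    tok = create_private_link("temporary password: (constructed)",
                              timedelta(days=7), max_views=2, now=sent)
    print("https://helpdesk.com/private/" + tok)
    print(redeem(tok, now=sent))
    print(redeem(tok, now=sent + timedelta(days=8)))
```

The email carries only the token; the reply body never leaves the HTTPS-served helpdesk, and both the "X days/hours" setting and the view limit are enforced at redeem time.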
 
                                     
                                                            
Comments (1)