Enhanced Security - Protection against account access
Super User
I realized that when customer support accesses our accounts, they can just access them on the fly and there are no restrictions. They just request the relationship number and that's it. We're not sure what the support team or admins are able to do and see.
- Can we please have a 2FA permission whenever support or any admin accesses an account? It's kind of like a prompt saying "support is trying to access your account, allow?" If I don't click yes or give the OTP code, then support cannot access it.
- The account access will expire, and they will need to request authorization to access again.
- Every action is logged.
Questions:
- Do we have transparent logs for these types of interactions?
- How can we increase our security measures against insider attacks today?
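The three controls requested above (owner approval by OTP, access that expires, and a log of every action) can be sketched as follows. This is an added example, not part of the original post and not HighLevel's code or API; the class name, method names and the 15-minute default are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

class SupportAccessGate:
    """Owner-approved, time-limited support access with an audit log (hypothetical)."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self.pending = {}  # request_id -> (agent, account, otp_hash)
        self.grants = {}   # (agent, account) -> expiry timestamp
        self.audit = []    # (timestamp, event, agent, account), append-only

    def _log(self, event, agent, account):
        self.audit.append((self.clock(), event, agent, account))

    def request_access(self, agent, account):
        """Support asks for access; the OTP is delivered to the account owner only."""
        request_id = secrets.token_hex(8)
        otp = f"{secrets.randbelow(10**6):06d}"
        otp_hash = hashlib.sha256(otp.encode()).hexdigest()
        self.pending[request_id] = (agent, account, otp_hash)
        self._log("requested", agent, account)
        return request_id, otp

    def approve(self, request_id, otp):
        """Owner approves by entering the OTP; each request can be answered once."""
        entry = self.pending.pop(request_id, None)
        if entry is None:
            return False
        agent, account, otp_hash = entry
        given = hashlib.sha256(otp.encode()).hexdigest()
        if not hmac.compare_digest(given, otp_hash):
            self._log("denied", agent, account)
            return False
        self.grants[(agent, account)] = self.clock() + self.ttl
        self._log("approved", agent, account)
        return True

    def act(self, agent, account, action):
        """Every attempted action is logged, whether it is allowed or blocked."""
        allowed = self.clock() < self.grants.get((agent, account), 0)
        self._log(f"{action}:{'allowed' if allowed else 'blocked'}", agent, account)
        return allowed
```

The audit list is what a "transparent log" would expose to the account owner: it records blocked attempts and failed approvals as well as successful access.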
Super User
Another security risk is that sub-account staff or HighLevel staff can export contacts without permission. We can, again, implement OTP or 2FA here or have the exported file be sent to the personal email of the sub-account owner, with the details of which staff account or HighLevel staff requested the export, date and time.
Agency account owners also should only be able to see everything except for the contact lists unless permitted in that specific time or request.
P.S.: I talked to some Virtual Assistants and they told me they were actually able to work multiple clients by offering the contacts from the other agency account. Simply by saying "I got leads for you." -- How did I get this information? I blend in.