As a small business owner, I have come to realize one thing.  In today’s world, your website means and represents you A LOT.  For example, back in the heydays of the .com craze, I remember that just about everybody was simply obsessed with registering a domain with that particular extension, and just getting something up that would even closely resemble a website, in the hopes of getting some sort of VC funding.

But now, every little detail matter in a website, ranging all the way from how your website looks, it if is mobile, to the keywords, to the SEO, the PPC, blah, blah, blah.  It’s like almost designing a new airplane from the ground up.  This is of course if you want everything done right the first time. 

Many ISPs offer cookie cutter templates which will build the website for you, with no attention being paid to the details.

So, in my case, this was a huge learning process for me, as I basically have rebranded and relaunched my tech writing biz with a new name and entirely revamped website.  But there is also another trend that I have noticed lately in websites: 

Many SMBs are now implementing the use of what are known as “Chatbots”, or essentially, Virtual Agents that can literally hold a conversation with your prospects 24 X 7 X 365 as they visit your website.

From the outset, this is essentially a widget that is installed onto the various pages of your website.  A prospect types in a comment or a question, and a reply is returned within a minute or two, at most.  It looks simple enough, but these tools are actually quite complex and even costlier to deploy. 

The primary reason for this is that they deploy Artificial Intelligence (AI) tools in order to make the prospect feel that they are engaging with a live person.

There are many advantages for a business to using this kind of approach, especially during the Holiday Season.  For example, a prospect does not have to wait on hold forever waiting to speak with a CSR.  They can be instantly engaged with one of these bots and feel that they are getting the attention that they deserve, which is of course crucial in converting the prospect over into a sale.

I actually have written a few articles on chatbots, and a future blog or two will be covering their advantages and disadvantages.  I actually thought of deploying one on my website, and I searched for numerous vendors that offer this. 

I became particularly interested in one and had an informative conversation with a rep from this vendor.  I told him that I was interested in deploying their chatbot, but he said no, what I was looking at getting was a messaging agent.

So, I asked him what the difference between the two was.  He said that at chatbot makes use of specific AI tools so that the responses to the prospect will be more customized to their questions.  In other words, it makes use of those fancy algorithms in order to actually predict what a customer’s questions could potentially be. 

But with the chat agent, the prospect is merely chatting with a real person from your organization.

So, for right now, I am just going to deploy this chat agent, primarily because its free LOL.  I may look at later deploying a chatbot on it.  But whatever method you decide to go with, it is very important to look at the security factors that are involved.  This is actually more complicated than simply installing a firewall, because now you have to secure a line of communications that is now two ways.

Here are some key things that you need to look at:

*The levels of Encryption that are used:

Your chat agent should support at the very minimum, 256 bits of Encryption or even higher (which is always better).  Most ISPs now offer free SSL certificates when you get a new hosting plan with them, so any communications with the chat agent will already be secure when it is installed onto your website.  But, before getting a package, always confirm with the vendor first if the chat agent that you are going to get will support the SSL certificate on your website. In fact, most brand name vendors already have some layer of Encryption baked into their chat agents, so this hopefully should not be an issue.

*Who will chat with the prospect:

Since I am the only one in my company, I will be the one chatting with the prospect as they see my website.  But obviously for those SMBs that are larger than me, more than one person will be delegated to chat with the prospect.  But of course, you just don’t want ANYBODY to be engaged in a chat.  Thus, you should figure out who will be involved, and who will have access to the conversations.  More than likely, it will the IT Security Manager that has overall charge and select members from the sales team that will have the ability to chat with the prospect.  These roles should be clearly defined in your Security Policy, and strictly enforced.

*Securing files that are transmitted:

Many of the more powerful chat agents and bots allow for the prospect (or even existing customers) allow them to transmit files to be sent to the Virtual Agent.  For example, this could include an invoice or a receipt that is in dispute.  But of course, you never know who is on the end sending end, so you want to make sure that whatever tool you are using will not download these attachments onto your IT or Network Infrastructure.  Rather, these attachments should be examined from a “Read Only” mode.  But, if it needs to be downloaded, it should be first examined closely by the IT Security staff to make sure that there is no type of Malware that is deployed on them.  Also, you also need to make sure that all confidential information and data that is transmitted stays that way, in the sense that it should be restricted to those employees that absolutely have to have them.

*Logging of all conversations:

Because of the recent legislations and mandates that are coming down and being enforced, as well as the harsh penalties that are being imposed by them, as a business owner, you have to maintain a record of all conversations that have been engaged with prospects with the chat agent.  Also, if your organization has been subsequently impacted by a Cyberattack, and if a prospect from the chat agent has been suspected, keeping detailed records of all conversations will become essential for the purposes of a forensic examination to take place.

*The release of corporate information/data:

At the heart of any good Security Training Program is instructing your employees not to divulge out trade secrets when on a phone call or exchanging Emails to those individuals and entities that are external to your business.  The same also holds true when they engage with conversations via the chat agent or the chatbot.  This should also be stated in clearly in your Security Policy, as well as the penalties for not abiding by it.

*It should also be a part of any Penetration Testing or Threat Hunting exercise:

Remember, once you deploy a chat agent or chat bot, it too becomes a part of your overall IT and Network Infrastructure.  Thus, in this regard, it should also be part of the scrutinization of any Vulnerability Assessments or Technology Audits that takes place.

My Thoughts On This

Chat agents and chat bots are not going to disappear, rather; they are going to be around for quite a long time to come.  This is catalyzed for the most part of the digital world that we now live in.  Just consider some of these statistics:

*There have been 12 million messages that have been sent via Slack;

*There have been 13 million messages that have been sent via Microsoft Teams.


As mentioned, the benefits of using these are great.  But you need to be careful with what you are using, and who your employees are chatting with.  These agents are also another way for the Cyberattacker to gain a foothold into your business, either by launching a Phishing or a Social Engineering Attack.  Rather than using a phone or an Email, it is the chat agent that is being used. 

Thus, as far as possible, it is imperative that all conversations are being monitored in real time.  Of course, if you are an SMB owner like me, you just don’t have the time to do all of this.  Rather, you can outsource this function that can provide you with alerts in the case any anomalous behavior is detected.

Finally, always go with a reputable firm when procuring your chat agent or chat bot.  A Google search can reveal this, as I did it.  In the end, I finally went with Zen Desk because of the ratings they have received so far, and the fact that I was able to get quick responses to my questions and concerns about using their tool.