Zendesk security: best practices for configuration

February 27, 2013

In light of last week’s incident at Zendesk and well-publicized hacks at other companies, security continues to be a major focus for us. As we work to improve the overall security of our service, we’re reminded daily of the rise in social engineering and other security threats to companies of all sizes.

With that in mind, we wanted to remind our customers of some basic steps they can take to improve the security of their own Zendesk accounts. Now more than ever, we advise you to take advantage of Zendesk’s security capabilities.

The following five highlights come from our recently updated Security Best Practices guide, which can help ensure that your Zendesk has the best security configuration for your company.

1. Increase password security
Change Zendesk’s default password policy to force customers to use more secure passwords that automatically expire every 90 days. Train your agents and customers to recognize social engineering and phishing attacks designed to trick them into divulging their log in credentials.

2. Limit agent and administrator access
Restrict administrator access to your Zendesk to only a select few of your employees. Keeping the number of administrators at a bare minimum greatly reduces your security risk.

3. Turn on additional security features
Consider using remote authentication with single sign-on, restricting access to your Zendesk by IP range, or enabling SSL.

4. Don’t forget about your Zendesk extensions
Ensure that you use best practices of secure coding when you build and deploy Zendesk widgets and apps.

5. Audit your account regularly
Regularly checking usage and activity in your Zendesk on a regular basis is a great way to spot unusual or suspicious behavior that could signal a problem.

There are more details about these best practices and additional tips on securing your Zendesk in our Security Best Practices guide. The guide is part of our support forums, which contain a wealth of information and resources for the Zendesk customer community. Our customers and employees are active in the forums, and we encourage you to join us: browse around, ask questions, and participate in the discussion.