Talkdesk’s Jennifer Bonacci explores that with an increase in cyber-attacks and a lack of cybersecurity professionals to mitigate these growing risks, contact centre security is more essential than ever.
To reduce security risks, contact centres need to take steps such as using a cloud-based solution, multi-factor authentication, and data encryption to ensure that their customers’ sensitive data stays protected.
When contact centres take a proactive approach to security, they prevent risks that would cause adverse effects on both their businesses and their customers.
With each passing year information security becomes more important, and contact centre security is no exception. The type of customer data that traverses contact centres is often extremely sensitive–possibly related to medical, financial, or other personal details.
Data breaches are increasing in frequency, and more people are aware of the threats and concerned about keeping their personal data safe.
As an example of the widespread concern for data security, the annual volume of searches on DuckDuckGo, an internet browser focused on privacy, grew by 56.8% in 2020 compared to 2019. More people are asking, “where is my data going?” which makes contact centre security vital to a business’s success.
Securing your contact centre in today’s world of digital transformation requires a layered approach. There is a lack of cyber security professionals in today’s world of digital transformation, meaning that everyone needs to take responsibility for security.
Because of this, Talkdesk provides security resources to shift some of the burden off of IT/Security teams that are likely short-staffed already. Instead of relying solely on these teams that are stretched thin, our solutions delegate some of the security to leaders such as operations, supervisors, and admins.
This means that people closer to the action in the contact centre are more aware of potential vulnerabilities, improving security posture as a whole.
Why Contact Centre Security is so Important
With alarming headlines about massive data breaches dominating media on a nearly daily basis, customers’ growing concern for data security is understandable.
Plus, contact centres in particular are targets – they’re essentially clearing houses for data, and bad actors know this.
This also means that the front-line workers of the contact centre – the agents – could make or break their centre’s security through their daily behavior at work and their vigilance to keep data safe from attacks like social engineering threats.
At the same time, companies are sometimes worried about the high cost of implementing a security program.
Many organizations cannot afford to hire a Chief Security Officer (CSO), especially considering all of the expenses that go along with creating such a role. However, the pros often outweigh the cons, as data breaches create catastrophic issues for businesses.
An annual study, the Cost of a Data Breach Report, uncovered that the average total cost of a data breach in 2021 increased by nearly 10% compared to 2020, to $4.24 million–the highest ever recorded. A data breach not only means high costs for a business but also a decrease in trust and loss of reputation.
Businesses must also consider the ramifications of failing an audit because they didn’t achieve compliance requirements. Fines can cause monetary loss, and if the failure becomes publicized, it can have dire consequences for your brand.
In addition, securing your customer’s sensitive data is simply the right thing to do. When your business chooses to protect customer data, you contribute to making the virtual world a safer place for users everywhere. It’s not only an issue of business growth and success but ethics too.
And if a contact centre is hit with a data breach, the loss of brand value could be the worst price to pay. In today’s day and age, customers can quickly take their business elsewhere as soon as they lose trust in you.
When considering contact centre security, there are regulations to consider, depending on your business’s industry and which types of information pass through your contact centres on a daily basis.
This can both include policies and procedures on what call centre agents should not do or say, along with requirements of what they must say to their customers in order to properly inform them (such as in the case of solicitation):
The Health Insurance Portability and Accountability Act (HIPAA) prevents sensitive patient health information from being disclosed without the patient’s consent or knowledge.
Because of HIPAA, businesses need to be vigilant in understanding exactly where their customers’ private health information (PHI) goes and how it gets stored.
The Payment Card Industry Data Security Standard (PCI-DSS) focuses on protecting payment data, such as credit and debit card transactions, against data theft and fraud. Any contact centre that processes payment methods is required to follow PCI-DSS compliance.
Many businesses earn a PCI certification to keep their customer data secure. This certification is earned by implementing security best practices such as firewalls, encryption, and anti-virus software.
The General Data Protection Regulation (GDPR) is a relatively new privacy and security law established by the European Union in 2018. GDPR must be followed by any businesses that interact with customers who live in the EU. It covers security requirements such as:
- Documenting how data is collected and where it goes.
- Handling data securely with best practices such as authentication, encryption, and internal training.
- Gaining consent from users, in order to process their data.
- Proving compliance with metrics.
Where Threats to Call Centre Security Come From
Threats to call centre security can be internal or external. Internal threats come from call centre agent errors or disgruntled employees, while external threats come from unknown malicious actors targeting your organization.
When call centre agents are negligent in security controls, such as managing access or protecting their own level of user privileges, they become internal threats.
When an organization fails to set up safeguards against attacks such as malware, it’s especially vulnerable to external threats. While it is difficult to defend against a disgruntled employee, following the “rule of least privilege” and monitoring agent activity will at least mitigate the effects.
Personally Identifiable Information
It’s vitally important for contact centre administrators to protect their customer’s personally identifiable information (PII) against both internal and external threats.
PII can be found in several places across a contact centre’s operations since it is used in a lot of practical ways, such as verifying caller credentials, gaining context for a customer’s inquiries, and generally giving better customer service.
A few examples of PII that are used by contact centres on a regular basis include:
- Usernames and passwords.
- Account numbers, social security numbers.
- Emails and sent messages.
- Online purchase histories.
- Data entered into online forms.
- Mailing addresses, phone numbers, and other contact methods.
- Financial or medical details.
If any of these types of PII are used or stored incorrectly, a business can break regulatory compliance and face fines or—even worse—become vulnerable to data breaches.
Internal Threats to Data Security
Internal threats usually originate from call centre agent errors. When a contact centre agent fails to protect their computer workstations, falls prey to phishing attempts, or misuses data in some way, they expose the whole organization to security threats. Disgruntled agents can sabotage an organization by acting deliberately to steal or redirect information.
To prevent internal threats, call centre agents need training and monitoring. Resources like gamified training solutions, security mentoring programs, and employee knowledge bases are all out there.
Implementing these options will equip and educate your team against accidentally becoming internal threats. Monitoring can be done by reviewing agent call logs for activities that seem out of place.
Remote contact centre teams bring a whole other dimension to security issues. Working from home can mean supervisors are no longer present to help mitigate risk by observing agents or being physically close.
It also means that security processes and technologies intended for in-office teams will no longer be relevant in a remote environment.
Remote work environments need solutions and processes that help supervisors monitor agents and enforce policies. For example, a voice biometrics system can authenticate your agents’ identities remotely without adding extra steps to their daily operations.
External Threats to Data Security
Many data security threats come from deliberate efforts to break into your systems. Malicious users take advantage of security gaps such as insecure access points, unencrypted data, weak passwords, and insufficient security protocols to collect sensitive data.
Once attackers gain access to customer data, the potential for damage skyrockets. Ransomware attacks, data leaks, distribution on the black market, and more are all possible once an attacker finds their way into your system.
How to Increase Contact Centre Security
Secure Cloud-Based Solution
A cloud-based solution is a great way to tighten up your contact centre security. A cloud environment makes it easier to make security architecture changes and stay up-to-date with compliance requirements.
Multi-factor authentication (MFA) helps to minimize threats as well. MFA asks for employees to verify their identities with more than just a username and password, making it harder for attackers to crack the code and reach your organization’s sensitive data. Multi-factor authentication with voice biometrics is especially considered an industry best practice.
Encryption enhances your security by transforming sensitive data into ciphertext. This encrypted data can only be decoded with a unique decryption key. Because of this, even if an attacker managed to steal your customers’ sensitive information, they wouldn’t be able to use this encrypted data in any way.
System and Network Security Protocols
Many of these protocols help to authenticate users and monitor connections between your systems. These protocols also help to secure your data by controlling where it goes within your systems and networks.
In addition, for better visibility into operational risk and compliance, contact centres can use APIs to feed data into various systems across their tech stack, including SIEM (security information and event management) systems.
Final Thoughts on Contact Centre Security
Contact centres play a critical role in dealing with customers’ sensitive data. Many customers reach out to these agents with concerns and questions about their finances, health, and other sensitive matters.
Plus, threats can come from multiple areas — not only from systemic errors but through agent-based attacks like social engineering.
Because of this, it’s essential for contact centres to put up strong security measures to protect your contact centre operations, monitor agent behavior, prevent bad actors from tricking your employees, and so much more.
This blog post has been re-published by kind permission of Talkdesk – View the original post
To find out more about Talkdesk, visit their website.
Call Centre Helper is not responsible for the content of these guest blog posts. The opinions expressed in this article are those of the author, and do not necessarily reflect those of Call Centre Helper.