Contact centre security in the cloud - how can you best protect your customer's data?
Ralph Echemendia discusses the best practices for ensuring security of customer data for a contact centre in the cloud
Ralph Echemendia, ‘The Ethical Hacker’
According to the National Crime Agency, UK cyber-crime now tops traditional crime in terms of impact. Clearly, protecting customer data is a major priority for businesses today.
Cyber-criminal groups are now mirroring legitimate organisations in the way they operate to extract money from unsuspecting victims. They're becoming more sophisticated and strategic in their approaches with scammers now working with large networks of partners, associates, resellers and vendors. Some groups even deploy contact centre operations to ensure maximum impact on their scamming efforts of extracting money or personal information. Tech support scams for example have become prevalent over the last few years, with Symantec reporting that it blocked 100 million fake technical support scams in 2015 alone.
When it comes to security in the cloud, contact centres are the world's bank of personally identifiable information. From shopping to paying household bills, consumers are constantly asked to confirm private details with call centre agents. These details include everything from credit card numbers to passwords, usernames, pin codes, routing numbers and so on. This means that contact centre databases contain a wealth of information -- a goldmine for cyber-criminals hoping to use them in a malicious way. Not only are we constantly providing personal information to a third party, the information is often stored externally in the cloud, with cloud security continuing to be a hotly contested issue.
Today's consumer is left wondering exactly how safe their data is. And contact centres – whether storing customer data onsite or in the cloud – must make this a top priority.
With this in mind, some of my contact centre best practices for ensuring security of customer data are:
1. Contact Centre technology
Ensure that contact centre staff are using the latest technology to engage with customers and that all staff are in the know about both security and technology updates. Always be sure that all agents understand and operate by the security guidelines when it comes to accessing and sharing customer details.
2. Infrastructure security
This is an obvious necessity to protect customer data from cyber-criminals, and needs to be in place and constantly updated and tested. Customer engagement cloud services such as PureCloud from Interactive Intelligence take the approach of building security into the design rather than securing a designed system. This has a crucial impact on security.
3. Use of multiple layers of protection
To truly secure a customer's document, multiple security layers are required, to the point of encrypting and protecting each individual document even if it resides on a secure network. Access management and encryption are the most effective ways to achieve security for stationary data. A solid security strategy should combine data loss prevention (DLP) software and encryption.
4. Always-on support, testing and transparency
A cloud provider's business depends on being available 24/7, constantly testing its security, and being transparent about it. For example, Interactive Intelligence hires third-party penetration-testing firms to look for holes in its security system and then publishes the results on its website.
5. Ensure there is a strong identification policy
Both agents and customers need to be educated on the value of using only strong passwords and the risks of using easily guessed ones. Biometrics identification such as fingerprints or iris recognition is also helping to strengthen security. Barclays is one example of a company rolling out voice biometrics at its contact centres to bolster security while simplifying the ID process for customers.
6. Security Awareness
Security awareness is all about providing knowledge and creating a culture within an organisation that enables the protection of the physical, and especially informational assets. Many organisations require formal security awareness training for all employees when they join the organisation and periodically thereafter, usually annually. But it is as important to incorporate awareness into the support process, that way customers also learn about what a company does and doesn't do when it comes to their customer data. We all need to be more aware of where our data lives and how it is used.
By taking heed of these security tips, contact centres will be able to focus on delivering a positive customer experience and also carry out the best practices needed to safeguard customer information.
Contributed by Ralph Echemendia, ‘The Ethical Hacker'