Having comprehensive security requirements in place is vital for the success of every contact center. Customers must be assured that their personal data is in trusted hands and remains inaccessible to all except for those who need it. Having effective call center security measures and practices not only prevents breaches by cybercriminals phishing for customer details, but also helps to avoid any compliance issues that could lead to fines and penalties, and the loss of reputation and trust.
Keep in mind that protecting your customer’s privacy is not simply a matter of integrity and responsibility; that privacy is also protected by laws that every contact center must be aware of and adhere to. Your call center security protocols are as much about meeting your customer’s needs and expectations as they are about meeting your own. Here are 8 important factors your contact center should be aware of to ensure your customer’s data is protected at all times.
1. Internal and External Threats
Be aware that call centers are plagued by internal threats as well as external ones. Most internal threats are the result of human error, oversight, or accident. An agent may unknowingly open a link in a phishing email that inadvertently downloads a Trojan horse that can access data. An agent may go on break and leave customer data exposed for all to view. Occasionally, a disgruntled employee may attempt to steal private data for personal gain. Prudent call centers have processes in place to eliminate or mitigate impacts of such actions.
External threats are attempts by cybercriminals to infiltrate a call center’s security measures to steal or gain access to a company’s or customer’s data. Dedicated hackers look to exploit vulnerabilities within a company’s network to bypass endpoint and network security technology. Some cybercriminals will pose as a customer to a call center agent to try to gain access to the customer’s personal information. Referred to as Account Takeover (ATO), this criminal activity is nothing more than the age-old practice of identity fraud.
2. Two-Factor Authentication
A sure way to protect against threats is by following Personally Identifiable Information (PII) security protocols. PII allows agents to double-check the credentials of callers, protecting both the customer’s account information and the agent from an ATO. One of the best security protocols to protect customer accounts is two-factor authentication (2FA). After initial screening of security questions, live agents send customers a one-time security code, usually numeric, to their mobile phones via SMS or an authentication application. This verifies that agents are actually interacting with the customer. Customers who log into their accounts with usernames and passwords, or use web chat, can have a security code sent to their phone, email, or app for verification. Whether calling or logging in, two-factor authentication is a proven method that provides an extra layer of security to prevent cybercrime and ATOs for both agent and customer peace of mind.
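The one-time code step described above, as an added Python example that is not code from the original article or from any vendor. The class name, the 5-minute validity window, and the 3-attempt limit are assumptions chosen for illustration; delivery over SMS or an authenticator app is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 3        # assumption: wrong guesses allowed per issued code


class CallerVerifier:
    """Issues and checks one-time codes per account (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account_id -> [code_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        # Store a digest rather than the code itself.
        return hashlib.sha256(code.encode("utf-8")).digest()

    def issue(self, account_id):
        """Create a 6-digit code; a new code replaces any earlier one."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[account_id] = [self._digest(code), expires_at, MAX_ATTEMPTS]
        return code  # pass to the SMS/app channel for the customer's registered device

    def verify(self, account_id, supplied_code):
        """Return True only for the current, unexpired, unused code."""
        entry = self._pending.get(account_id)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[account_id]  # expired or locked out: force re-issue
            return False
        entry[2] -= 1  # count this attempt before comparing
        if hmac.compare_digest(digest, self._digest(supplied_code)):
            del self._pending[account_id]  # single use: a code never works twice
            return True
        return False
```

Expiry, the attempt limit, and single use are what keep a short numeric code from being guessed or replayed by someone posing as the customer.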
3. Encrypt all Data In-Motion or At Rest
Another important contact center security measure is to ensure that all data is encrypted. Sensitive files and data should never be left exposed on your system. Whether in-motion or at rest, information exchanged or stored on any network is information vulnerable to attack—intranet or internet. Whenever information is left exposed, it allows hackers to employ man-in-the-middle attacks or spoofing techniques to gain access to sensitive data passed between employees, services, and databases. Once a computer or server is hacked, cybercriminals can easily read and copy unencrypted files. Encryption technology protects customer data as well as your own system from prying eyes. Essentially, encryption renders data illegible without users first logging into the system with a password or entering a decryption code. SSL certificates, TLS, and VPNs also help to secure information when in transit from one point to another.
Protecting customer information is a major call center security requirement for good reason. As the central communication hub between businesses and their customers, call centers routinely acquire, process, and store highly sensitive and valuable PII such as dates of birth, social security numbers, addresses, bank details, and credit card data.
In protecting sensitive customer information, call centers must adhere to the laws and regulations that protect all the personal data that they handle. In particular they must be PCI-DSS (Payment Card Industry Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act) compliant.
As the name implies, PCI DSS is the credit card industry standard administered by pcisecuritystandards.org, an independent body that was created by the major payment card brands to help prevent credit card fraud. PCI compliance requirements hold companies responsible for ensuring all transactions, whether over the phone or on the web, are secure. Call centers must adhere to several protocols. For example, they must build, maintain, and monitor a secure network, encrypt customer data, and ensure systems and applications have the latest software updates and are protected by antivirus software, among other security measures. Non-compliance with PCI will surely lead to loss of revenue and reputation, and monthly penalties starting at $5,000 per month.
Patient medical records are protected by HIPAA. Such records contain an immense amount of valuable and permanent personal information prized by cybercriminals. From purchasing drugs to filing fake insurance claims for reimbursement, medical records are highly valued because they are a true representation of your identity.
By federal law, contact centers that provide any direct or indirect services that handle, store, or process patient health information (PHI) must be HIPAA compliant. Verified names, patient addresses, their social security numbers, diagnosis codes, their provider’s contact information, and any other PHI data are subject to the standards, regulations, and policies set forth in HIPAA. Routine phone calls, email messages, even appointment reminders must be handled securely by call center agents to protect PHI. Non-compliance with HIPAA can also result in civil and criminal penalties, including up to $50,000 per individual violation, and a maximum penalty of $1.5 million for companies per calendar year.
5. Limiting Access to Information
Not every agent or employee needs access to every piece of data stored on the system. Information stored on call center servers should only be available on a user-by-user basis. Your IT security team can link specific user parameters to each user account. This ensures that certain types of information can only be accessed by those who need it.
6. Provide Agents with Data Security Training
Because agents are entrusted with sensitive contact center data, as a measure of security, it’s imperative that they are properly trained in managing it. To avoid compliance issues, prevent mistakes, and to maintain customer trust, providing initial and ongoing data security training for agents is critical in meeting your contact center security needs.
7. Quality Assurance
Your call center’s quality assurance measures ensure that a consistent customer message and experience is aligned with business goals. As it relates to security protocols, it allows team leaders to make sure agent interactions with customers are compliant. Any lapses should be identified and corrected to avoid any further compliance issues.
8. Reduce Human Error with Software & Technology
Factoring in human error should be a concern for every call center. From innocently opening malware to clicking a suspicious link, human error is the cause of nearly 95% of cybersecurity breaches for companies. Human error will never be fully eliminated, but it can be mitigated. Reducing human error in your contact center begins with leveraging software and technology to your advantage. Today’s technology offers an opportunity for contact centers to interact with customers over multiple channels (mobile, apps, chat, email, and voice) in a secure manner.
When selecting a contact center partner, make sure to ask about their security measures and determine if they align with your requirements. Telecom, Inc. has been providing contact center services while maintaining the highest security measures to leading brands, across numerous industries, for nearly thirty years. Contact us for a no-obligation complimentary consultation about our services and how we can help you achieve your program objectives.