The COVID-19 pandemic has left everyone vulnerable. The new work-from-home contact centre environment, while providing safe business continuity, has exposed many agents to an unfamiliar environment. Agents are now more vulnerable to nefarious actions from cybercriminals who hope to take advantage of the crisis, while leaders are scrambling to regulate the technology they’re deploying. A proactive stance toward security is needed protect and educate agents and customers.
TTEC’s webinar, COVID-19 NOW: Secure CX for the New Normal, led by Chief Information Security Officer Kip James, focused on how to keep enterprise systems, remote employees and customer interactions safer. Here are four strategies from the webinar to help make your contact centre more secure now.
1. Analyse surroundings
The controls you used to have in physical contact centres over limited electronic media, camera surveillance, clean desks and hardware have changed in this new remote environment. Assess the situation and understand what you can manage outside of the call centre walls. It’s critical to analyse three factors related to security:
- The people: What is the security impact of moving agents from an area with many controls?
- The process: What do you need to change to make sure policies are adhered to at-home?
- The technology: What can be done to allow systems to be more secure remotely?
Once you understand the current situation it’s time to act.
2. Control what you can
The biggest security risk is not the computer, but the human being behind the keyboard. The sudden move at-home brought about rapid changes to how agents work. The absence of daily reminders, coworkers and familiarity of a brick-and-mortar setting means you need to readdress learned behaviours and input new security controls at-home:
- Alternative monitoring: Managers need to utilise webcam platforms to communicate face-to-face with agents and asses their working environment. There needs to be constant communication between leadership and their teams.
- Adherence to restrictions and data handling: Retrain individuals on what is expected of them when working from home. Retrain agents with refresher courses in security and compliance so they understand what is acceptable in their new workspace.
You cannot replicate a perfect, brick-and-mortar environment. Understand the factors you can take under your wing and go with it.
3. Compliance ≠ Security
Traditional companies don’t have what they need for security today. Organisations can say they are complaint to regulations but without due-diligence across the board you are open to cyberattacks. To protect customer data, rethink and modify how you:
- Hire and screen new employees: Typical screening processes such as drug tests will be challenging in the current climate. When looking for talent consider scanning for social behaviours, i.e., how does this person interact with others, how does their social media look, what can you find that gives you cause for not hiring?
- Provide access to information: Give people access only to what they need. Enabling least privilege access means agents can only obtain certain information if they have been authorised. This helps enforce a heightened level of accountability for sensitive data in private and public sectors.
It is crucial in the upcoming months that security teams constantly monitor and revaluate where organisations are complaint and who has administrative privileges. If something is out of order you need to act fast.
4. Secure your technology
In last few months it’s not just the people that have moved but also the technology. We need to strongly consider how the applications brought home or already in place are a part of security processes. This can be enforced by using:
- Hard drive restrictions: Ensure that agents are not able to write anything onto their hard drive. Systems need to be VPN-enabled first.
- USB media: Malicious malware on USBs is the easiest way for your system to get compromised. That’s why it’s suggested to disable storage devices on agent’s desktop.
- System monitoring: Deploy real-time malware analysis for data loss prevention and forensics.
- VPN multi-factor authentication: Utilising two-factor authentication is safer than relying only on a password for protection. Two-factor setups are incredibly important for tracking who has access to cloud systems hosting sensitive data.
Watch the full webinar, COVID-19 NOW: Secure CX for the New Normal, to learn the key steps brands need to take to mitigate risk in their operations.