The new work-from-home contact center environment provides safe business continuity, but it comes with security concerns. Agents are more vulnerable to nefarious actions from cybercriminals who hope to use the crisis as a lure for ransomware and phishing scams. And remote work has leaders scrambling to secure data and regulate the technology used by agents.
TTEC’s webinar, Secure CX for the New Normal, led by Chief Information Security Officer Kip James, focused on how to keep enterprise systems, remote employees, and customer interactions safer. Here are four takeaways from the webinar to help make your contact center more secure now.
1. Analyze surroundings
The controls you used to have in physical contact centers over limited electronic media, camera surveillance, clean desks, and hardware have changed in this new remote environment. You need to assess the situation and understand what you can manage outside of the call center walls. It’s critical to analyze three factors related to security:
- The people: What is the security impact of moving agents from area with many controls?
- The process: What do you need to change to make sure policies are adhered to at-home?
- The technology: What can be done to allow systems to be more secure remotely?
Once you understand the current situation it’s time to act.
2. Control what you can
The biggest security risk is not the computer, but the human being behind the keyboard. The sudden move at-home brought about rapid changes to how agents work. The absence of daily reminders, coworkers, and familiarity of a brick-and-mortar setting means you need to readdress learned behaviors and input new security controls at-home:
- Alternative monitoring: Managers need to utilize webcam platforms like Zoom to communicate face-to-face with agents and asses their working environment. There needs to be constant communication between leadership and their teams.
- Adherence to restrictions and data handling: Retrain individuals on what is expected of them when working-from-home. Retrain agents with refresher courses in security and compliance so they understand what is acceptable in their new workspace.
You cannot replicate a perfect, brick-and-mortar environment. Understand the factors you can take under your wing and go with it.
3. Compliance ≠ Security
Traditional companies don’t have what they need for security today. Organizations can say they are complaint to regulations but without due-diligence across the board you are open to cyber-attacks. To protect customer data, rethink and modify how you:
- Hire and screen new employees: Typical screening processes such as drug tests will be challenging in the current climate. When looking for talent consider scanning for social behaviors, i.e., how does this person interact with others, how does their social media look, what can you find that gives you cause for not hiring?
- Provide access to information: Give people access only to what they need. Enabling least privilege access means agents can only obtain certain information if they have been authorized. This helps enforce a heightened level of accountability for sensitive data in private and public sectors.
It is crucial in the upcoming months that security teams constantly monitor and revaluate where organizations are complaint and who has administrative privileges. If something is out of order you need to act fast.
4. Secure your technology
In last few months it’s not just the people that have moved but also the technology. We need to strongly consider how the applications brought home or already in place are a part of security processes. This can be enforced by using:
- Hard drive restrictions: Ensure that agents are not able to write anything onto their hard drive. Systems need to be VPN-enabled first.
- USB media: Malicious malware on USBs is the easiest way for your system to get compromised. That’s why it’s suggested to disable storage devices on agent’s desktop.
- System monitoring: Deploy real-time malware analysis for data loss prevention and forensics.
- VPN multi-factor authentication: Utilizing two-factor authentication is safer than relying only on a password for protection. Two-factor setups are incredibly important for tracking who has access to cloud systems hosting sensitive data.
