A step-by-step plan to optimising data security in the contact centre
Hacked business systems, phishing emails, personal customer data becoming public... they’re reported in the media almost daily. It feels as though data security is becoming more and more of a problem. And that indeed turns out to be the case. According to a report by Interpol1), cyber threats have increased enormously as a result of the COVID-19 pandemic, and it is expected that businesses – and therefore their customers – will increasingly be affected by this.
The contact centre is particularly vulnerable in this regard, as that’s where a lot of sensitive information is located. Customer names, telephone numbers, social security numbers, payment information… they’re not always (only) stored in a CRM system in the cloud, but also, for example, on employees' computers and company servers. As a result, potential data leaks can cause major security risks. In this blog you can read what the risks are and how they can be limited as much as possible.
1) Interpol – Cybercrime: COVID-19 Impact (August 2020)
Customer trust
We all know that customer loyalty is by no means a given. Even if the customer is satisfied with a product or service, it does not necessarily mean that they will choose the same company again next time. So your aim should always be to positively surprise your customer. However, the quality of what you deliver is no longer relevant the moment you lose your customer’s trust, e.g. due to a data breach that causes their personal data to be exposed.
It is therefore not only the financial consequences of a data breach (including ransom payments and the costs related to downtime, data loss and system recovery) that can have a huge impact. It is your company’s reputation and the trust of its customers that ultimately matters the most. Customers are simply not very forgiving when it comes to a violation of their privacy. According to a study2) by Gemalto, the world leader in digital security, 70% of consumers would no longer do business with a company following a data breach.
The fact that data breaches are becoming more common and more widely reported in the media means that customers are more aware than ever that data security is no longer a given. They are increasingly taking this into account when choosing a company or organisation. According to ZD Net3), 84% of consumers are more loyal to companies with strict data security.
2) VansonBourne (on behalf of Gemalto) – Data Breaches and Customer Loyalty Report 2018
3) ZDNet: Top 8 trends shaping digital transformation in 2021
Regulations
Since the introduction of the GDPR regulations, the importance of data security has become even more visible. What data is stored, and where? For whom is this accessible? What is being done to ensure its safekeeping? We previously wrote a blog about the importance of data security in the contact centre, especially about the security of a cloud solution.
EU regulations are now also being drawn up regarding mandatory cyber security. The new rules will not only apply to vital companies and institutions such as banks, hospitals, healthcare institutions and utility companies. Other companies with an annual turnover of (at least) 10 million euros and a minimum of fifty employees will soon be required to check their IT systems for vulnerabilities, perform risk analyses, improve their security and make daily backups.
People make the difference
Customer interaction still (largely) relies on human work. It’s the people make the difference after all! Although this is obviously a good thing, at the same time it is precisely that human aspect that can make contact centres vulnerable to data breaches. Because you can't program people. They can – consciously or unconsciously – act carelessly, be bribed or even threatened.
Another risk is the fact that many contact centres still experience a high rate of employee turnover. On the one hand, it means dealing with inexperienced employees who are more likely to fall prey to fraudulent calls, and may not always be aware of the security risks. On the other hand, high turnover means that employee engagement is usually limited, which unfortunately can make people more susceptible to fraud.
The risks
The risks of data leaks are of course not only determined by the human aspect. Technology also entails vulnerabilities. Below are the most common risks contact centres are exposed to:
Denial-of-Service (DoS) attacks
In other words, the "shutdown" of the contact centre by bombarding it with a huge number of calls at once. The reason? Typically, the hackers' aim is to distract the target from another hacking attack, or to demand payment of "ransom" in exchange for ending the attack.
Storage of call recordings and transcripts
Contact centres store recordings and transcripts on servers for training purposes as well as to comply with legal and regulatory requirements, but these servers can be targeted by hackers to gain access to sensitive customer information.
Vulnerable IVRs
This is especially risky if customers are required to leave sensitive information that can be used for identity theft.
Social engineering
This includes fraudulent calls designed to manipulate or mislead employees into accessing accounts, transferring funds or obtaining personal information.
Sale of call recordings or other sensitive data by customer contact employees
This is a potential risk, especially in contact centres with high staff turnover and those where huge numbers of contact centre employees are hired in a short period of time.
Due to the urgent need for new customer contact centres since the outbreak of the COVID-19 pandemic, for example for tracing purposes, vaccination and test appointments, these risks and vulnerabilities have become even more visible.
Tips for better data security
Hackers are opportunistic and they’re becoming smarter and more organised. Fortunately, there are all kinds of security measures that you can take to protect the contact centre against attacks, such as:
Securing endpoints
What matters is that you minimise the chance of errors and fraud by contact centre employees, for example through double identity authentication, VPN encryption, the use of virtual desktops, and the decommissioning of local data storage. In addition, you can limit the risk of data exposure by only allowing contact centre employees to work via a wired connection, and by only allowing network access during working hours.
Compliance with data security standards and regulations
This of course applies to the organisation you work for, but also to the parties that your contact centre depends on, such as suppliers and consultants. Guidelines on the process-based protection of personal and company data against hackers and intrusion are covered by – among others – the ISO-27001 standard and the SOC 2 (Service Organization Control) security standard.
IVR security and customer authentication
Opt for multiple layers of authentication to reduce the risk of identity fraud. Solely relying on the phone number that a call is placed from, or the caller's name or customer number, simply carries to much risk.
Encryption
File, data, and call encryption help keep digital information confidential. In some cases, it is also possible to have sensitive information filtered out automatically before it is stored.
Secure storage of call recordings
During interactions with contact centres, customers share personal information that needs to be protected. While certain tools automatically interrupt the conversation when confidential information is shared, the recordings should also be stored on extra-secure servers.
Company culture
As no single security method is enough to keep fraudsters out, it's important to make sure the contact centre has a layered defence system in place. This way, even if a hacker breaks through one or two layers, it becomes increasingly difficult to bypass the entire security system.
Apart from the technical measures that you can take, data protection must of course be part of the company culture right down to the deepest layers of the organisation, and employees must be regularly trained on the risks and consequences. In addition, it is extremely important to aim for maximum employee engagement. We recently wrote a blog about this. The greater the level of engagement, the smaller the chance that employees will purposefully misuse the customer data they have access to.
Do you have questions about the security of customer data in your contact centre? Let us know! Our experts not only know the ins and outs of the various contact centre solutions, but they also have a lot of experience with data security customisations.
About DDM
At DDM Consulting, we understand that a 'one size fits all' approach is unthinkable when it comes to choosing a customer contact platform. After all, every organisation is unique! That's why we offer you a wide range of renowned contact centre solutions, and provide advice based on over 20 years of experience in customer contact.
Evolution, not revolution
Together with you, we’ll evaluate your current contact centre processes and your requirements for the new platform. We’ll advise and assist you in developing more efficient workflows, driven and supported by AI wherever possible. Based on your priorities, we’ll create a dynamic roadmap that makes the transition to a new, improved contact centre manageable.
Proactively embracing cutting-edge technology
This roadmap remains central to the project, even after the new platform is up and running. It evolves with changes within your organisation and developments in contact centre technology. Our experts assess every new release to determine its value to you as a customer. They take the initiative, ensuring you always have the relevant knowledge at your fingertips.
Creative solutions for better customer contact
And if you're looking for specific functionalities that aren't (yet) available on the chosen platform, there is plenty of scope for in-house development of add-ons tailored to your needs. Our team possesses the business and technical expertise to achieve the maximum potential, even if you've opted for an out-of-the-box solution.
DDM Consulting provides the proactive and creative approach to your CX evolution!