Has Working from Anywhere Compromised Contact Center Security? Chances Are, Yes.
You've managed to get your contact center employees working from anywhere over the past few months, but at what cost? And with what known, or unknown, trade-offs? According to Aberdeen's June 2020 report, "The Intelligent Contact Center", the cost has been a decrease in staffing capacity (27%), a loss of visibility from security policies (18%), or, for an uncomfortable majority, operating without any customer data security processes in place (60%).
Let that sink in for a moment. The majority of organizations surveyed enabled their contact center employees to operate from anywhere without a plan for protecting customer data. That is a risky move with long-term impacts that are yet to be revealed. We should all agree, however, that responsible contact center, IT, and communications leaders in these organizations will do something to ensure that they have a sustainable plan for working from anywhere and protecting customer data. But what's the right something when it comes to balancing security, costs, and customer experience?
The weight of this decision is significant and the potential risk is real. Inadequate security and lack of compliance in a contact center can lead to serious consequences. Data breaches make headlines and affect reputations. Privacy violations put companies at legal risk. Downtime results in lost revenue. Recovering from hacking or fraud can be costly and can sidetrack management’s attention.
To further complicate the challenge, you’re aiming at a moving target. New security threats are constantly emerging. What do you need to know, from a security perspective, as you navigate your contact center through the cloud? How can you be confident that customer data is secure when contact center agents operate from anywhere?
What do I need to know?
As you evaluate a cloud-based contact center, look for a vendor who is willing to have frank conversations about adherence to compliance requirements and what they do to achieve them. As an example, failure to conform to laws like the Federal Information Security Management Act (FISMA) could jeopardize a company’s ability to do business with government agencies or security-conscious financial firms. If a vendor discusses security adherence in vague terms, take it as a clear warning sign and avoid doing business with them. You will want to confirm that whatever solution you select addresses the following three areas.
- Follow best practices for encryption and collaboration. Not all cloud systems are built equally. Poorly written APIs and weak identity and access management can expose businesses to unnecessary risks. A key area of focus should be encryption; ensure the solution you select has encryption both at rest and in transit. You’ll also want to be sure your solution enables agents to collaborate across the business. You can check the US National Security Agency guidelines for best practices in selecting and safely using collaboration services for telework.
- Ensure adherence to regulations. Regulatory requirements depend on your industry. It’s important for your cloud-based service provider to comply with key standards such as HIPAA, PCI, FISMA, and all others relevant to your business.
- Look for third-party verification. Ensure your service provider maintains verifiable third-party certifications. In-house verification may not encompass the full scope needed to feel confident the solution is secure.
How is the landscape of security threats changing?
Security threats continue to increase in sophistication and frequency. According to Forbes, data breaches exposed over 4.1 billion records in the first six months of 2019 alone. Over 3800 separate data breach incidents occurred in 2019 globally, and the number of data breaches in 2020 is expected to surpass 5000.
When you reduce the number of service providers comprising your solution, you reduce your risk. As part of your cloud contact center evaluation, ask providers which components of the solution are native and which are provided by other vendors. A single platform for all components (unified communications, contact center, video conferencing, and meetings) means better security, as the vendor has unobstructed access to the infrastructure and application stack in order to monitor, detect and respond to threats quickly.
What do you need to think about with work-from-home agents?
The Aberdeen study cited earlier also noted that 62% of respondents plan to increase their number of contact center employees working remotely within the next twelve months. If you find yourself in this majority, or, frankly, whether your employees are at home or in the office, there are some important security considerations.
- Provide company laptops for remote workers, as their own devices may have security vulnerabilities
- Use virtual payment systems rather than having customers give credit card information
- Use multi-factor login authentication for an added layer of security
- Provide password managers to keep passwords hidden
- Ensure systems are updated with the latest patches and antivirus protection
- Use a VPN for connections directly into company systems
How can you be confident that sensitive customer information is secure with work-from-home agents?
Basically, by following security procedures similar to those you would use if your work-from-home agents were in the office. When taking customer credit or debit card data, ensure the provider you use for payments meets the highest security standards. They must, at the very least, be PCI DSS (Payment Card Industry Data Security Standard) Level 1 Service Provider certified. PCI DSS has been published and maintained by the PCI Security Standards Council since 2006 and is endorsed by Visa, Mastercard, American Express, and others as the minimum security requirement for handling credit card transactions.
For example, 8x8 Secure Pay enables agents to simply and securely handle payment authorizations required to meet PCI DSS compliance by prompting customers to enter card data using their telephone keypad. Cardholder data is captured in the cloud and sent directly to the payment processor without ever being accessible by agents.
Should I transition to the cloud now, or wait?
The time is now. Over the past few months, we’ve learned that the businesses that are the best set up for success are those who’ve transitioned their communications to the cloud. And, as security threats continue to rise, select a provider who will handle infrastructure security for you. They’ve invested hundreds of millions of dollars to make their platform safe. Piggyback on their investments and reduce the pressure on your own IT teams to keep your company safe and compliant at all times.
How can I learn more?
As you navigate operating your business from anywhere and, as a result, find yourself evaluating cloud-based contact center vendors, we’ve developed a number of resources to help you along the way.
This “Evaluating Security, Compliance, and Reliability in Cloud Communications” checklist is designed to launch the discussions you need to have with each communications provider you evaluate. You can also reference this “Straight Talk about Cloud Communications Security, Compliance and Reliability” white paper for more information about these critical topics.
Lastly, we’re in the midst of releasing a new guide to help business leaders like yourself stay open for business as they learn to operate from anywhere. This week, we’ve released a new chapter that dives into the cost/customer experience highwire act and highlights some of the research data that we’ve shared in this blog. Click here to learn more about achieving cost/CSAT balance while not compromising on your business’s ability to collaborate effectively.