Your brand reputation is built on trust. Data breaches and non-compliance have the ability to quickly erode public trust in your brand, negatively impacting your reputation and incurring unnecessary costs. So how do you protect your organisation’s data, your customer data and remain compliant across your customer service operation?
Nearly three quarters of all business data breaches require public disclosure. But as well as negatively impacting your reputation, a data breach can really hit your bottom line. IBM research puts the average cost of a data breach to organisations at $3.86 million.
The unprecedented events of 2020 created a perfect environment for cybercrime with the swing toward home working and online shopping. Also, the stress and insecurity caused by COVID-19 markedly increased opportunities for data breaches. As a result, cybercriminals shifted their attention away from unfocused or blunt-force attacks and toward ransomware and phishing attacks aimed at accessing businesses with stolen logins and passwords.
Phishing, ransomware and malware together accounted for over 70% of all publically reported data breaches caused by cyberattacks in the U.S. in 2020, making them a primary focus for every contact centre operation in 2021.
Therefore, it’s critical that brands focus on four key areas of data security and compliance in their contact centre operations when mitigating the risk of a breach.
Well-documented policies and procedures ensure nothing is left to chance and the approach is consistent across teams, locations and geographies. This is the starting point for enhanced data security and compliance. These documents should be written in clear, easy-to-understand language, encompassing work-at-home agents as well traditional brick-and-mortar contact centre operations. They should set out why a certain action should be taken – and how it should be undertaken – and the risks involved in non-compliance. They should also set out how adherence is monitored and the consequences for non-adherence.
Contact centres adhere to a number of security standards including the International Organisation for Standardisation (ISO) standards, Payment Card Industry Data Security Standards (PCI DSS) and system and organisation controls (SOC) certifications. If you work with a third party for your contact centre services, ensure their policies and procedures complement your own and reflect your specific needs.
Rules and regulations vary by country and region. To remain compliant, you must understand the requirements of each region in which you operate. Outsourcing partners can help you to remain compliant across your various markets and stay ahead of changing legislation.
Contact centres by their nature collect vast amounts of customer data. This data enables you to build strong relationships through targeting and personalisation, but ensuring customer privacy is maintained by securing that data is also a must. While Europe has a common data privacy and security law in General Data Protection Regulation (GDPR), the U.S. has yet to take action on a federal level. This leaves each state to chart its own course and organisations with the burden of ensuring compliance with differing approaches as individual states roll out their own laws.
With cybercriminals prioritising phishing attacks, it is more important than ever to ensure your contact centre staff are aware of the threat and ready to act. Frequent and recurring training opportunities keep potential scams front of mind, while random planned phishing attacks led by your internal teams test adherence to policies and procedures and highlight any weak links that require additional focus.
It is easy to imagine that cybercriminals are seeking financial information, but Symantic data highlights that intelligence gathering motivates 96% of social engineering attacks. This demonstrates the need for vigilance across your contact centre operation to ensure agents are not disclosing personal information, such as the answers to security questions, which could then be used to access accounts elsewhere. This is especially unsettling because 65% of U.S. consumers admit to reusing the same password and login information across multiple accounts.
Tools and technology are an effective weapon in the fight against cybercriminals and those with mal-intent.
The risk of a data breach is growing all the time, but so are the tools, technologies and procedures required to provide protection and keep your brand reputation unscathed and untarnished.
Large call centres employ “white hat” hackers who attempt to penetrate their networks to highlight and address any potential weaknesses before a black hat hacker finds them.
For organisations without the resources to put behind such activities on their own, this robust approach can be one of the many benefits of outsourcing contact centre operations.
While many organisations worry about the security of cloud-based solutions, cloud applications and infrastructure do not pose a greater threat to data theft than traditional networks and data centres. In a McAfee survey, 75% of organisations surveyed were using a hybrid cloud/on-premise approach or a cloud-only approach for their data storage. The same study showed that 63% of breaches experienced occurred on traditional networks.
This suggests that cloud-based solutions offer secure solutions, possibly more so than many traditional solutions. The key is ensuring your cloud-based infrastructure is secured. The Identity Theft Resource Centre identified that failing to configure cloud security was the leading reason for human and system error-driven data breaches.
No matter how robust your policies and procedures, they will not protect your customer data if you do not properly configure the tools. Internal teams may lack the necessary resources or know-how, or organisations may believe that configuring tools will cause inconvenient or unnecessary restrictions for staff. So make sure your IT teams are appropriately resourced, trained and supported, or work with a third party who has the know-how you need.
Technology is evolving at a rapid pace. Today artificial intelligence (AI) can be deployed to help you to identify risks and ensure compliance.
Speech and text analytics can be deployed across voice and non-voice contacts to “listen” to conversations. These analytics can flag language that indicates potential social engineering or highlight where an agent is requesting personal details which are unnecessary for the task at hand. Geolocation technology can be employed to identify when contacts are reaching out from an unusual location, such as calling from overseas or even outside of their home town, indicating they may not be the customer they claim to be. Flags can also be triggered if a customer makes contact at an unusual frequency, which can be an indication of social engineering in progress.
AI can also support risk management in your work-at-home agent population. Geolocation and time-based authentication ensures agents are logging in following anticipated shift patterns and from agreed locations. Face authentication ensures only your agent logs in and that it is your agent that remains at their computer. It can also identify if other people are present and automatically lock the terminal and flag the issue if other faces are identified.
Learn more about how EXP+™ Engage from Sitel Group® elevates the power of human connection to secure your brand reputation with security and fraud detection solutions and EXP+ Explore to uncover hidden insights from across your contact centre operation to mitigate risk. EXP+ Engage and EXP+ Explore connect seamlessly with solutions across EXP+ to simplify the delivery of end-to-end CX services, while boosting efficiency, effectiveness and customer satisfaction.