Year over year, companies are finding themselves under attack by cyber threats from ransomware to Distributed Denial of Service (DDoS) and Telephony Denial of Service (TDoS) attacks. In 2020 alone there were almost 4,000 reported data breaches compromising 37 billion records per a report from Risk Based Security.
It goes beyond just data breaches. A network can be compromised in many ways. In 2020, CyberNews hacked 28,000 unsecured printers worldwide and had them print out a guide to securing their printer. This was a relatively harmless hack but it’s still a prime example of how easy it can be to infiltrate a company’s seemingly secure network.
New technology is allowing new ways for fraudsters to access your data. The methods of cyber criminals are ever-evolving and if they find a way into your system, it will cost your contact center money, time and credibility.
Why a heightened focus on cybersecurity in contact centers is critical
Contact center security has changed dramatically in recent times. For years, the focus for call center protection was making sure the data was secured on-premise in a closed network. This is no longer the norm. Companies worldwide continue to switch to the cloud with remote work becoming more prevalent, accelerated by the 2020 Coronavirus pandemic. Cloud contact centers have many benefits including increased uptime, cost savings and ease of access from anywhere in the world. It’s becoming easier every day to make the switch to the cloud.
As the world continues to recover from the last year, we see the trend of working from home sticking around. Companies such as Verizon are hiring permanent work-from-home call center representatives; remote contact centers are a practice that will be around for years to come.
What does that mean for data security? Contact centers house sensitive data for millions of people in multiple locations which are now accessible from your teams’ homes and phones. Remote workers create a new set of challenges in cybersecurity protocols and new opportunities for data breaches to occur. Whether your contact center is moving fully remote or is becoming a hybrid center, understanding how your customer data and privacy is at risk will help you build a multi-layered security strategy.
What this means for your contact center
The average cost of a data breach is $3.86 million dollars per a 2020 report from IBM. With today’s omnichannel communication, it is even easier for fraudsters to find potential security threatsin a system. One crack can cause a security ripple effect which can impact your entire organization. Don’t be the next news story about how consumer data was compromised. Take the time now to implement strategies to secure your customer’s data, no matter where it’s stored.
10 best practices for contact center cybersecurity
The time, money and loss of credibility after an attack can be devasting to a company. Spend the time and effort now on implementing strong call center security standards for when your company is targeted. Here are the top ten best practices you should consider in your contact center security plan.
1. Be proactive, not reactive
- Don’t wait to have a full system in place until after an attack. Go into your cybersecurity planning with the mindset that you will be attacked any day. Regularly conduct penetration testing to understand the real risks and plan your security strategy accordingly.
- Have a written cybersecurity policy for the entire company. No matter the size of your company, a thorough and written cybersecurity guide will give a sharable focus for employees. The Illinois state government website provides a great cybersecurity policy template to use as a starting point for your hierarchical approach.
2. Adopt a Zero-Trust Model
- “Never Trust, Always Verify.” This is a significant departure from traditional network security, which follows the “trust, but verify” method. Zero-trust models assume that breaches happen and verifies each request, no matter where it originates, as though it is coming from an open network.
- Only grant as much access as needed to perform a task. For example, an agent able to access a customer’s activity history while in an active interaction, but not able to once that conversation is complete.
- Continuously monitor and validate a user has the right privileges and can access only the information they need.
3. Use Multi-Factor Authentication (MFA) internally and externally
- It’s important to make sure the person logging into the network is who they say they are. MFA will ensure proper authentication to allow only trusted connections to endpoints. That way even if a password is compromised, a malicious actor would still need a second or third factor of authentication to access the system.
- Not all compromises come from someone getting into your internal network. Data thieves can trick your contact center agents by knowing your customer’s personally identifiable information (PII). By tricking your agents, fraudsters can get access to client accounts and information, even through your IVR system. MFA can help prevent that and secure your center against social engineering techniques.
4. Back up and encrypt your data
- Back up and secure your data regularly. Ransomware attacks can hold your contact center hostage if you don’t. A 2020 study by Sophos of over 5000 organizations found that 94% of organizations hit with a ransomware attack managed to get their data back. 51% of these organizations did so by using backups. The United States Computer Emergency Readiness Team has provided a document detailing different data backup options for your organization.
- Provide encryption for both data at rest and in transit (end-to-end encryption). Know where your data is traveling and that you have a system to continuously encrypt it at each point in its journey.
5. Secure your access points
- Make sure both your office and remote workers are connected securely. Simple things such as connecting to a secure Wi-Fi network and not an open one can lower the risk of your company’s data being intercepted.
- A company-approved firewall should be used both on-prem and remotely. Make sure company-approved firewalls are not only installed but updated regularly on company devices, especially for remote workers.
6. Keep an eye on activity in your system
- Automate defenses so your organization can achieve reliable, scalable, and continuous measurements. Automated processes, such as security scans and program updates, make it easier to have a constant guard against unwanted access all hours of the day.
- Employ user activity monitoring to record actions taken inside your network and have alerts in place for suspicious activity. Just like customers’ data can be compromised, employee credentials can be compromised as well.
7. Don’t forget the basics
- Sometimes it’s the most common things that can lead to compromised company‘s data. Password management is a simple key to protecting your data. Make sure there is a regular system for employees to reset their passwords and not use default passwords for onboarding. Default passwords can easily be shared online and many employees may not change their default password until they’re told to. The National Cybersecurity and Communications Integration Center has created a set of suggestions for creating and protecting passwords.
- It’s not just digital keys that are important. One in four data breaches come from lost or stolen devices. Have a system in place to account for company devices, regularly check it and keep it updated as employees are brought on or leave.
- Keep your programs updated. Many programs have regular updates to increase their security against new threats that appear every day.
8. Plan for the Internet of Things (IoT)
- Smart devices and Wi-Fi connected tools have become a mainstay of the office and our home lives. Make sure employees and IT departments change default passwords on devices attached to their networks. Don’t use default hard-coded credentials – commonly used passwords are easy to find on the internet.
- Develop a scalable security framework to support all IoT deployments. The IoT Security Foundation has listed their recommendations and updates their framework as technology evolves.
9. Educate and empower employees
- Employees are the front line of defense, especially in contact centers. From protecting customers’ data from malicious intent to protecting the network through safe computer practices, an educated employee is a strong defense.
- Make it a policy to report suspicious activities and contacts. Phishing is still a widely-used practice for data thieves. A single employee can cause a data breach through clicking a corrupt link in an email. Teaching employees how to look for these threats and report them will protect your company.
- You can find information and free employee training and awareness on the US Department of Homeland Security website.
10. Keep up on cybersecurity trends
- Security plans are not an end-all be-all for data protection. Technology changes every day. Keep up with the changes and update your cyber security plan as needed. Even old criminal techniques such as phishing emails are becoming more complex yearly. Make sure someone on your team oversees making sure employees are informed and customers are protected.
- The FCC has a great guide for getting started planning your cyber security system.
Follow proper cybersecurity practices to ensure your contact center is secure from threats.
For all the data streams coming into your contact center, use Aceyus to aggregate your data quickly and securely. Contact the Aceyus team today to see how your contact center can be protected by the Aceyus Vault.