Skip to main content

Prioritize Your Contact Center Cybersecurity Methods

Image
Byron Copley
Byron Copley Associate Content Strategist

Contact center cybersecurity methods, tools, and common-sense practices to prevent data breaches 

We offer some common and not-so-common contact center cybersecurity methods to help prevent disruption of your business. Hackers continually attempt to breach your contact center’s database. One day, they might break in.   

Presently, worldwide hackers’ infestations assault businesses of all sizes—from global corporations to the esoteric corner shop.   

Data is the new covet, and there’s more than enough for hackers to plunder, disrupt, and restrict while concealed at the kitchen table, basement couch, warehouse desk, and even in the sanctuary of certain foreign government buildings.    

A multitude of cybersecurity methods 

Of course, you know that your contact centers are data gold mines with a wealth of information that cybercriminals want.    

It’s almost instinctive for hackers to stalk your databases. Imagine foxes pacing along the wire of an enclosed chicken coop––circling and probing to exploit a weak spot in the perimeter. Then, they pounce, leaving you to deal with havoc. Security measures do not deter! They are merely in the way until hackers discover a way in.    

Contact centers should employ a multitude of different cybersecurity methods, including those not required by mandatory standards 

Otherwise, it could be ransomware. Like Kronos or Colonial Pipeline. Or a malicious software update á la SolarWinds. Perhaps a Distributed Denial of Service (DDoS) interruption. Maybe even a Telephony Denial of Service (TDoS) occupation. Phishing expeditions still fool enough people for hackers to cast nets targeting millions of email addresses.   

Want information on the scope of worldwide cybersecurity breaches in 2023? Here.   

However, these numbers for October alone tell the sobering story quite well. 

  • Number of incidents in October 2023: 114 

  • Number of breached records in October 2023: 867,072,315 

  • Number of incidents in 2023: 953 

  • Number of breached records in 2023: 5,367,966,200  

Whatever the method of the data breach, your contact center could be next   

According to Identity Theft Resource Center, reported data breaches in the United States in 2023 as of October 11 have already surpassed 2022 numbers. The data types exposed included credit card numbers, Social Security numbers, names, emails, addresses, and dates of birth—in the billions—all accessible in contact centers.    

In the contact center space, virtually all data breaches involve an employee/agent acting as an accomplice—either unintentionally or willingly.    

Here are some more sobering statistics on the cost of cybercrime.   

However, all the news is not this bleak. Many contact centers do apply common-sense safeguards that block backdoors of opportunity. And that’s good—they all just need to do more. Your contact center probably needs to as well.   

Thankfully, our contact center customers consistently ask how to enhance their servers’ security. We hear a lot of encouraging requests because they are the right countermeasures that we, along with our partners, can meet. However, not all our potential customers always raise these concerns, so we remind them.   

Data encryption 24/7/365 

For example, data encryption is usually one of the first concerns raised, accompanied by “Where will you store our data?” Encryption seems like a basic safeguard, yet, according to Statista, 25% of the world’s data that requires security is still unprotected.    

We recommend—and do our part to help ensure—that all our customers’ data is encrypted when at rest, in transit, or in flight to minimize the chances of interception. But keep in mind that hackers monitor internet traffic the way that Frank and Jesse James tracked train schedules, and they both struck when their targeted treasures left the safety of a secure server or a bank vault.   

Even with encryption, hackers can steal customers’ personal information and access their data, so we’re getting added inquiries about technology like phone printing, which can pinpoint the actual location of a mobile phone to prevent Caller ID spoofing.    

Such technology is essential for cybersecurity. Human agents need certainty that a customer who wants to authorize a credit card for overseas use isn’t someone in Reykjavík, Iceland, claiming to be from, for example, Royal Oak, Michigan.    

Detect a scam in progress 

And here’s a pro tip. Contact center managers who monitor the length of every call that reaches an agent can help stop cybercrime before it occurs.   

When an individual call exceeds the expected length, it’s time to consider that a possible scam is in play.  

Could be a vishing scheme, where the caller assumes the identity of a customer or someone in authority, like our caller from Reykjavík. That’s when a manager should check in with the agent for clarification or to help.   

This is especially important with the proliferation of inexperienced agents working at home. To keep costs down, entry-level agents often receive the bulk of deflected IVA and IVR traffic. They need to balance sound customer service with sound security practices, and they shouldn’t rely on their hunches.  

Cybercriminals discover vulnerability 

As a result, voice biometric authentication is gaining popularity because hackers who have already pilfered the answer to “what is your favorite book” will not get past the scrutiny of matching their voice prints to the customers they impersonate.    

With cybersecurity, if a human being is the last line of defense, cybercriminals eventually discover vulnerability.   

It’s one reason our customers request OAuth—an authentication tool that retrieves user passwords from one access point rather than from individual applications.   

OAuth stores all passwords in a single secure location, which helps prevent password theft. It minimizes the chances of agents entering passwords in multiple applications, which reduces the opportunity for hackers to find them. This feature is important when data is integrated from many disparate sources and is displayed on a unified dashboard to supply a single service-enhancing view of the customer.    

Build Your Contact Center Cybersecurity Arsenal 

Another cybersecurity concern we address with our customers is compliance with FIPS 140-2 (Federal Information Processing Standards), which “specifies the security requirements that are to be satisfied by the cryptographic module utilized within a security system protecting sensitive information within computer and telecommunications systems (including voice systems).”    

Many contact centers have contracts with U.S. government agencies and, therefore, need to abide by these stringent requirements.  However, contact centers not affiliated with the federal government should also adopt FIPS-140. This is now becoming the case for many healthcare and financial organizations. It may take some time, but it’s time well spent, because FIPS-140 adds a hard-to-breach security layer.    

How many cybersecurity methods are required? As many as possible. 

Contact centers should also adopt PCI-DSS (Payment Card Initiative Data Security Standard), which, among other things, promotes the encryption of phone conversations to prevent the recording of credit card numbers to unstructured data files like .WAV or MP3.    

Dual-Tone, Multi-Frequency (DTMF) masking and suppression emits an identical monotone rather than the tell-tale sound of individual numbers when a customer enters, for example, a credit card number on a telephone’s keypad.   

Session timeouts also surface as a requirement by contact centers to minimize risks of security breaches. Extended open sessions increase the vulnerability of a database to hackers. Fortunately, proven technology kills the session IDs when the pre-determined auto timeouts activate.   

When you add these recommendations to those spelled out in Aceyus’ 2021 blog, it’s quite an arsenal. Remember: A contact center can never have too many cybersecurity safeguards! 

Social Engineering: Cause #1 of Data Breaches 

Finally, with all the technological advancements and billions spent on cybersecurity, there is no substitute for the application of a little common sense, which is mostly free of charge.  

Common sense is the best method to protect against the largest single cause of data breaches—social engineering.   

According to Proofpoint, a firm that specializes in cybersecurity, more than 70% of all data breaches start with phishing or social engineering. Purplesec pinpoints that number at 98%.  Even the most experienced IT professionals have revealed their credit card numbers, Social Security numbers, passwords, and other sensitive data for exploitation.   

Here’s an interesting statistic from 2018: 43% of all IT professionals claim to have been targeted by social engineering schemes.   

Social engineering is especially destructive in the contact center space, which supplies limitless opportunities for a clever hacker to convince a vulnerable contact center agent to divulge sensitive information.    

Common-sense cybersecurity methods 

With the proliferation of at-home agents, it’s critical to apply a few fundamental safeguards. For example, never write personal customer information on pieces of paper or repeat it aloud with other occupants present. Even something as simple as working in a space with the door closed increases security.    

There are other tools to aid such common-sense measures. We mentioned the effectiveness of phone printing and voice biometric authentication, which takes the guesswork out of who’s on the other end of the line and where they are calling from before the damage is done.  

There are even applications available that end an agent-customer video call if another individual steps into camera view on the agent side. It may seem extreme, but, these days, is anything sacred in the realm of cyberspace?    

Never open unfamiliar website links or emails! 

One last consideration: the more audacious the request, whether on a call, text, chatbot, or email, the more likely it’s a scam designed to create a data breach.  

Case in point: How does anyone know if the person hoisting the 46-inch flatscreen through the main exit of the big box store isn’t simply stealing it? Are you aware that it’s a tactic among thieves to make a bold move like this and see what happens?    

That’s where the TVs are, right? So, why not walk in and walk out?   

It’s the same with the data stored in contact center databases—why not just ask for it?   

Ultimately, then, to prevent virtually all contact center data breaches, never (ever!) open email or website links from unknown or suspect senders or offer privileged information to unauthenticated and unauthorized customers.   

Before you think this is rudimentary advice, keep in mind that more than 3.4 billion phishing emails are sent out worldwide—every single day.    

So, make cybersecurity a high priority for your contact center. Always make hackers work at gaining access to your invaluable data. Keep the foxes out of the chicken coop.  

The best strategy to foil hackers’ attempts to breach your contact center database is to adopt a layered approach that plugs and overlaps all the potential cracks in your cybersecurity plan. Hackers only need one fissure to split wide open, and they will never stop trying to breach cyber perimeters.    

So, never be vulnerable—visit www.Five9.com for more information on how to prioritize and implement your contact center cybersecurity methods! 

Image
Byron Copley
Byron Copley Associate Content Strategist

Call 1-800-553-8159 to learn more about Five9