

6 Critical Elements for Contact Center Security

To build up a strong cybersecurity defense for your contact center network, you must identify exactly how customer data and privacy may be at risk. Understanding the risk profile will help contact centers deploy a multi-layered security strategy – a core necessity for comprehensive defense against evolving cyber threats.

Why is Security Improvement So Important for Contact Centers?

Here is the baseline for any contact center security framework – it’s not enough to be Payment Card Industry (PCI) compliant. PCI compliance protects credit card data and its protection ends there, leaving the rest of the numerous contact center processes and data flow channels completely vulnerable. Your protection plan needs to extend to cover all data submitted and generated by customers. Furthermore, the protection needs to cover everyone from the business or organization to associates and customers. A single point of vulnerability can result in security impact much further along the chain.

Here is where the risks can come from:

Personally Identifiable Information (PII)

Contact centers have a notorious reputation for relying on PII to verify caller credentials. Unfortunately, PII can be compromised in a number of ways, including previous breaches at completely unrelated organizations or businesses. If these details, which can include anything from SSNs or bank card numbers to customers’ DoB or email addresses, have already been leaked, the contact center’s customers immediately become a target. This is why social engineering (the gleaning of personal information nefariously through seemingly harmless human interaction) has become such a commonly used tool for identity theft. According to IDology’s Fifth Annual Fraud Report, “40% of businesses reported their contact centers were increasingly being targeted by fraudsters, with social engineering being the most widespread fraud tactic.”

Internal Threats: Rogue Insiders

A 2015 McAfee report uncovered that internal actors caused 43 percent of data loss in breaches, with half of these cases being accidental. These breaches can be caused by temporary workers, interns, disgruntled employees, and the business’ IT department.

External Threats: Technology Vulnerabilities

As defenses have improved, criminals have improvised ways to attack businesses using external channels. For example, since the chip-and-PIN technology on credit and debit cards is now largely secure, the proportion of attacks using phone channels has gone up remarkably. Attack strategies like these will keep evolving as criminals continuously probe call centre systems for any signs of vulnerability.

Here are six crucial components for strong contact center security:

Ensure physical security at contact centers

This is a commonly overlooked parameter in ensuring digital security. Physical security of endpoints and all contact center assets should be of primary importance, as unauthorized access to a single door/number pad/swipe card or even a biometric lock can result in major vulnerabilities. Management should ensure that the people who work on each floor are the only people with access to assets on that floor. Photo ID and color-coded nametags and access areas also go a long way in enforcing these rules.

Access to network hardware should be limited to a handful of authorized personnel, and even employee access points should never be left unlocked or, at least, unsupervised. Background checks of all contact center personnel are now a necessity, as is limiting access to cell phones or wearable technology in active workspaces. High quality CCTV footage and call monitoring should also be implemented with authorization from employees and pursuant to local laws.

Improve Digital/internal security

High-quality enterprise virus protection software can literally save your endpoints from being vulnerable – even with adequate firewalling and security protocols. Your telephone system and Customer Relationship Management (CRM) system should assign an individual sign-on to each employee and never rely on a single sign-on shared by multiple employees.

For change management, all changes must be rigorously documented for PCI compliance. A helpdesk ticketing system can go a long way to help with that. It’s a great practice to periodically conduct third-party firewall penetration testing to ensure your security systems are fully functional.

Multi-Factor Authentication (MFA)

Multi-factor authentication is a necessity now with the mushrooming of multiple electronic devices being used for office work. Even if one system is compromised, MFA ensures multiple layers of protection to secure access.

Deploy a Secure Cloud-Based Solution

Despite best efforts, nearly 80% of organizations are yet to be security-compliant – leaving themselves wide open to the scope of hard fines in the future. It is only common sense to work with a reputable IT Support Provider (who is also a PCI DSS compliant technology partner) to build up your security infrastructure to be future-proof. A solid, secure cloud-based solution can truly help your business ensure data security and compliance to safeguard sensitive data round the clock.

Implement backups and disaster readiness plans

Disaster-readiness should be built into your security framework right from inception, as it can protect invaluable business data when your business is faced with natural or manmade disasters, or unexpected crises. Such plans can help you with business continuity in the shortest possible time frame.

Employ IT expert(s)/Hire Managed IT Service provider

If the threats, and the steps to head off those threats, seem complicated, it’s because they can be. Security is a constantly evolving field, and it can be mind-numbingly challenging for contact center management to keep track of best practices and ensure regulatory compliance at all times. A qualified Managed IT Services Provider can lighten the burden enormously by bringing on board industry-leading cybersecurity experts and deep domain expertise in the area.