Four ways to defend against Cyber Criminals attempt to infiltrate Contact Centres
Head of Marketing, Kerv Experience|Kerv Experience
Published 17/01/23 under:
Introducing a paper five years ago, PwC said:
“Give customers a great experience and they’ll buy more, be more loyal and share their experience with friends. That’s what every company strives for.”
How time flies. While PwC back then recognised one in three consumers will walk away after just one bad experience, the security word wasn’t even mentioned. It took the pandemic-induced explosion in digital channels and remote working for McKinsey (and others) to introduce consumer identity and access management (CIAM) into the argument.
Now, 75 percent of UK contact centre businesses are concerned about cybersecurity when remote working, according to research by ContactBabel.
1) Remote workforces bring unique challenges: aim for a security centre of excellence
It’s only a matter of time before most companies deploy a hybrid, if not fully remote, workforce. That has a wide range of benefits: happier, healthier employees, lower operating costs, and a smaller carbon footprint. But it’s not without security risks.
An HP study found 70 percent of remote office workers said they use work devices for personal tasks, while 69 percent use personal laptops or printers to do their work. So, with more agents working from home, contact centres need clearly defined security protocols.
It’s not just remote working, of course. While increases in cybercrime have similar roots, villains intent on making ill-gotten gains from identity fraud have woken up to the size of the swindles out there. And contact centres are at the forefront of the onslaught. Not least because of the huge growth in the attack surface on offer.
If customers know an organisation can keep their data safe, they have a more positive experience says a TechTarget article. While contact centres have often struggled to protect client data, demonstrable best practices can help engender trust. Establishing the contact centre as a security centre of excellence is key to enhancing customer confidence.
A Genesys paper says data fencing – restricting access to data by location – is table stakes in the age of flexible labour. Whether on internal servers, in the cloud, on employee devices, or transiting between endpoints, data must be prevented from crossing compliance boundaries.
The web browser remains vulnerable with user credentials and passwords as targets. Exploiting the browser happens in a variety of ways, such as the cache and stored passwords. Kerv Experience says address such weak spots by installing robust web application firewalls on all company devices and networks and insist employees only connect using private, secured Wi-Fi.
2) Consumers demand more control over their data: seek safety from cyberattacks
When it comes to CIAM, the McKinsey paper says while companies continue to expand their consumer-facing digital platforms, consumers struggle with authentication processes. Much dissatisfaction stems from complexity introduced to thwart increasing cyberthreats.
Leading companies are thinking about a secure customer journey – an engaging online and mobile experience safe from cyberattacks and fraudsters. The importance of this has grown. Most have seen the number of customer accounts and associated data sets proliferate. The expansion of digital channels has also expanded the field for malicious actors with more opportunities to commit fraud or take over accounts.
At the same time, regulators are also pressing organisations to secure the customer journey. Many organisations collect and use customer data to offer personalised digital experiences, but they have not all taken effective measures to prevent the risks data breaches pose to their customers’ privacy.
A 2021 survey by KPMG found consumer anxiety about data remains high: 86 percent of consumers are concerned about privacy issues and 78 percent worry about the amount of data collected. Despite this data collection has increased, even while security measures seem to lag: the same KPMG study found 62 percent admitted they could do more to strengthen their data protection measures.
Genesys points out there’s a paradox. Consumers are concerned about data privacy, but they also want personalised experiences. By including transparency into everyday data operations means being clear about what one intends to do with it and ensuring that, when possible, data is anonymised. Being transparent also means giving customers more control over what data they want to share.
3) Housing massive amounts of data poses a threat: keep technology current
Minimising unnecessary data access is an often-overlooked measure. Putting in place system permissions and deleting employee access to accounts when people leave the company make sense. Masking sensitive data to limit the information displayed to employees is a no-brainer. PCI DSS procedures are an obvious example.
Guaranteeing data accessibility to the right people is essential. For example, an agent should log on with a unique ID and password, following an identity and access management process for user authorisation. Meanwhile keeping technology current ensures systems and components are up to date, as bad actors always test systems for unsuspected openings.
Note cloud-based systems eliminate many such loopholes. That’s why a growing number of companies are choosing contact centre as a service (CCaaS). Building on a microservices foundation (like AWS and Genesys Cloud CX) allows security walls or layers within the solution. This means the attack surface becomes smaller than the whole, limiting the threat opportunity.
Given the sophistication of current cyberattacks, companies can’t assume one methodology will solve all security problems. The key is to secure all data – not just the network. To minimise the impact of a potential data breach, part of building the right infrastructure is to integrate security at various layers. This includes encrypting data at rest and in motion.
Also, when building security layers, think past the conventional CIO role of after-the-event intervention. Partner with technology leaders like Kerv Experience early and strategically to ensure security is prioritised and operationalised across the entire organisation.
4) Cloud is now the baseline for better security: ensure intelligent data transfer
A Gemalto survey of 10,500 enterprises and 1,050 IT decision makers from 11 countries revealed companies struggle to control their data. Only 54 percent know where their sensitive data is stored, and 91 percent of IT decision-makers believe they should be better prepared to take advantage of the growing volume of data available. In addition, only 55 percent believe they are GDPR compliant. These numbers reveal contact centre risk management weaknesses.
Customer conversations must be secure. In fact, with each call they share personal and, sometimes, confidential information with agents. It’s therefore necessary to guarantee the security of this information and to reassure customers of that fact. The use of artificial intelligence (AI) and the implementation of an IVR help by ensuring intelligent data transfer according to the caller’s needs.
Kerv Experience partners like Genesys fight against the virtually limitless ways cyber criminals try to infiltrate a contact centre infrastructure. Such scams include, for example, attempting to get employees to unwittingly open suspicious websites or click malicious email links. Yet hackers have become still more sophisticated, and their intrusion schemes ever more dangerous. Such as finding a backdoor to access a computer and cripple the system with a DDoS attack (especially via an unprotected remote working machine).
That’s why investing in training is critical to a security strategy to ensure reliable operations, prevent mistakes, and maintain customer trust.
Genesys Cloud CX™ with Genesys Trust Centre is a comprehensive solution that not only offers a market-leading customer and employee experience, but also safeguards systems and data from cyberthreats. Helping secure clients’ critical personal information, it helps ensure employees work safely online and trains them about threats like phishing attacks and browser security warnings.
Inspiring client confidence, this keeps systems and data safe through our compliance portfolio, demonstrating the Genesys Cloud CX™ commitment to security improvements internally as well as security assurance externally. Genesys leadership is intrinsic to driving this information security and compliance posture through resourcing, culture, and continued diligence.
In fact, one of the reasons why Kerv Experience went all-in with Genesys is their leadership of industry best practices, relevant and appropriate international standards, and – where applicable – national legislation. These provide the greatest assurance internally and externally. Those things also set Genesys apart and show commitment to be best in class from a security and privacy perspective, as well as in its products and services.
Finally regular, comprehensive agent training keeps everyone on their toes and ensures security provisions and policies are always fit for purpose.