At a time when it seems that every other week another major brand reports a data breach, it is clear that it takes just one wrong move for your own company to make it into the headlines. Cyber threats are coming from all directions nowadays, so organizations need to remain vigilant at all times or face the wrath of fraudsters making big money off their vulnerabilities.
Contact centers are a part of the business particularly ripe for a data breach; they are the hub for customer contact, and often the touch point for all types of sensitive customer data, including payment card information, social security numbers, and contact details, among many others. Fortunately, there are precautions that organizations can take to prevent a breach of their own and keep their name out of the headlines. In honor of National Cybersecurity Awareness Month, we’ve gathered a list of ten surefire ways to help prevent a data breach in the contact center and keep your brand reputation safe and sound.
Hire the Right People
An often-overlooked threat is the one coming from right inside: a company’s own workforce. A disgruntled or malicious employee can do a great deal of damage, and prevention starts before workers even step foot in the door on their first day. While no hiring process can be 100% watertight, having the appropriate procedures in place to tell the bad eggs from the good ones and weed them out at the start can prevent problems before they arise. Background screenings and reference checks, coupled with strong interviewing skills, will help to ensure the company is staffed with the right people and will avoid a situation where one person causes a world of damage for everyone else.
As fraud becomes increasingly sophisticated and hard to detect, making sure everyone in the organization, from the CEO down, is properly educated on how to identify and report threats is absolutely essential to securing the business.
These days no one in an organization is safe and anyone can easily fall victim to a phishing scam disguised as an email from a trusted colleague. As it takes just one weak link to break a chain, employees must hold each other accountable and report any suspicious activity they come across. An informed organization is a safe one, and employees that are trained to spot and avoid cyberattacks can stop one dead in its tracks.
Cut Down on Insider Threats
Besides a company’s own employees, there are other threats inside the office that are often overlooked. Outsourced staff, such as cleaning, janitorial, and maintenance services, building security, and even consultants and contractors, pose as great a threat as any. Even though traditional employees may leave for the day at 5PM, the office may remain far from deserted until much later. These auxiliary employees have unfettered access to workstations, filing cabinets, and other areas containing highly sensitive information, and with fewer witnesses around to see them, they might be tempted to take advantage of the situation and steal important data.
To cut down on these insider threats, keep logs of everyone who enters and exits the building, install security cameras in entryways and exits, and make sure that contracts with outsourcers have the proper liability provisions in the event of a data breach.
Update Security Software Regularly
Antivirus software should be kept up to date with the latest versions at all times in order to reduce any vulnerabilities. And if your organization is not using antivirus software, it’s laying out the welcome mat for all kinds of security issues. As The Hartford writes in their Small Biz Ahead blog, “Malware continuously evolves and software vendors continuously update or ‘patch’ their programs in order to address new security vulnerabilities. For this reason, it’s vital to install updates to security, web browser, operating system and antivirus software as soon as they are released. They’re your first line of defense against online threats.”
Manage the Use of Portable Devices
Portable devices, such as external hard drives, USB sticks, CDs, or DVDs are convenient because they’re easy to carry from place to place, but they’re just as easy to lose, or—even worse—have stolen. To prevent the information held on these devices from falling into the wrong hands, ensure that only encrypted data can be downloaded onto them. This will cut down on the risk that data can be used for nefarious purposes by rendering it unreadable without the proper encryption key.
Secure and Segment Your Network
With the plethora of devices that can now connect to Wi-Fi networks, securing them has become harder than ever. This means that not only are company-sanctioned devices like laptops and tablets connecting to the network, but employees’ personal cell phones and other unsecured devices as well, causing a headache for IT professionals trying to maintain network security.
To mitigate the threats these unsanctioned devices can pose, use the latest encryption methods such as WPA2 and install a corporate VPN. It also doesn’t hurt to install an additional firewall to add an extra layer of protection for the network.
In addition, when it comes to complying with frameworks such as the Payment Card Industry Data Security Standard (PCI DSS), it’s necessary to segment your networks to ensure that cardholder data is not flowing to areas of the business where it shouldn’t go. Doing so will also help reduce the scope of compliance for your contact center.
Hold Outside Vendors to Stringent Security Standards
Even after implementing the most stringent security procedures internally, a company may still find itself liable for a data breach if its partners don’t take security as seriously as it does. If a well-intentioned partner fails to maintain the same responsibility towards sensitive information as your own organization, it could jeopardize the security of both parties.
Prior to conducting business with a third party, make sure to inquire about their security procedures. This can be accomplished by crafting a survey with detailed questions about how they treat sensitive data and the precautions they take to secure it. Should you deem their responses adequate, you can then establish an agreed-upon set of security measures and codify them in the partnership agreement.
Properly Dispose of Sensitive Information
While most of the aforementioned tactics have focused on cyber threats, threats in the physical arena also exist. When disposing of any paper files that contain sensitive information, always cross-cut shred them first. CDs, DVDs, and external hard drives must also be properly handled prior to disposal, as simply deleting files or reformatting the media does not fully erase data. Instead, use software that will permanently wipe the data from these portable devices or opt to physically destroy them. There are plenty of fraudsters out there who are more than willing to rummage through waste in order to get their hands on sensitive information, so don’t give them what they’re looking for.
Conduct Regular Vulnerability Assessments
Stay one step ahead of the hackers and fraudsters, and keep track of every single way your organization can be penetrated by conducting regular vulnerability assessments. While many companies perform these assessments on a quarterly basis, Kevin Prince recommends in an article on ITBusinessEdge that organizations conduct these weekly to get the best results. To have the greatest idea of where a breach can occur, vulnerabilities must be brought into the light early and often.
According to Prince, “Organizations should perform vulnerability scans against every system in their network, both internal and external.” Extensive scanning will lead to the most thorough results, which in turn will lead to an elevated level of protection. After vulnerabilities are identified, the business can then take appropriate action to mitigate the associated risk and solve any outstanding issues.
Keep Data Out of the Contact Center Entirely
In order to have a data breach in the first place, there must be sensitive information for a hacker to steal. Thus, if there is no sensitive customer information in the contact center to begin with, the danger of a fraudster getting ahold of anything valuable is significantly reduced.
With DTMF masking solutions like Cardprotect Voice+ by Semafone, customer payment data never enters the contact center. When making a payment over the phone, the customer types in their card number on their keypad, and the dial tones are replaced with flat tones so the Customer Service Representative (CSR) cannot distinguish the numbers. At the same time, the CSR and caller stay in full voice communication for the duration of the transaction, allowing the CSR to troubleshoot or answer any questions should the caller have any issues. Transaction details are then passed straight to the payment service provider, bypassing the contact center entirely, and are never stored in the systems or on the premises. As an added bonus, contact centers deploying Cardprotect will achieve cost-effective PCI DSS compliance while significantly reducing the scope of applicable controls for their infrastructure.
When organizations take the proper precautions, they can greatly minimize the chances that they’ll suffer a data breach. While one can never be too safe, perhaps the most effective measure a company can take is to not store any data at all. After all, they can’t hack what you don’t hold!