Guildford, U.K. – March 21, 2018 – Following a survey of contact centre agents worldwide, Semafone – the leading provider of data security and compliance solutions – has issued a warning to businesses with contact centres about the top five insider threats that are putting customer data at risk.
To be launched at this week’s Call & Contact Centre Expo in London, the company has produced a guide highlighting the individuals and scenarios that can act as a catalyst for a brand-damaging data breach. Originating both inside and outside a contact centre, the insider threats come in the form of individuals using bribery, coercion, social engineering and malware to get their hands on sensitive customer data. However, not all threats are malicious in nature; the guide illustrates that high-profile data breaches can also stem from simple instances of human error and agents accidentally exposing personally identifiable information (PII).
1. The Tempted Temp
Temporary agents, such as those hired to handle seasonal surges in call volumes, often have less loyalty to a company. Without the proper screening processes or clean room policies, these employees can easily steal sensitive information.
2. The Credulous Clicker
Even the most trustworthy employee can accidentally expose sensitive data. An agent may inadvertently click on a link or open an email attachment thinking it is from a customer, only to unleash a virus into the system, which steals customer data.
3. The Vengeful Victim
A disgruntled employee with a personal grudge against management can take advantage of an agent’s access to customer data, bribing them to share payment card details and other information.
4. The Hidden Hacker
Anyone with access to agents’ computers can steal sensitive data stored in the network. For example, a rogue IT support employee could insert a Remote Access Trojan, or “RAT” into a computer; this little piece of software allows the device to be accessed remotely, enabling the hacker to tap into customer data.
5. The Contract Cleaner
Anyone with access to the contact centre facility can get their hands on personally identifiable information (PII). For example, someone on a cleaning team is likely to have unrestricted access to the building. This makes it easy for them to access contact centre computers and use USB sticks to install software that captures detailed customer information.
“While these are just few examples of the types of fraudsters and cybercriminals that contact centres may encounter, it is more important than ever for organisations to protect themselves and their customers against potentially brand-damaging data breaches,” said Tim Critchley, Semafone CEO. “Of course, most employees are trustworthy people, but it only takes one rogue worker to expose or steal PII.”
“By removing as much sensitive PII as possible from business infrastructures, contact centres can reduce the risks associated with a detrimental, costly data breach,” Critchley added. “They do not have to worry about outside hackers, third parties with fraudulent intentions, or even agents prone to honest mistakes. As we like to say at Semafone, ‘No one can hack the data you don’t hold.’”
To learn more about the threats to contact centre data security and how to mitigate them, download Semafone’s new eBook, “The flawed five: who’s threatening the security of your contact centre,” here.
How to keep customer data safe:
Best practices for preventing company insiders and outsiders from accessing sensitive data include:
- removing customer data from the contact centre environment completely
- conducting proper employee background checks
- training employees to recognise attacks, especially those using social engineering tactics
- tokenising data (replacing it with a meaningless equivalent)
- enforcing the principle of Least Privilege on computer systems, whereby agents are granted the minimum level of access necessary to do their job
To keep sensitive data out of the contact centre environment, organisations can adopt dual-tone multi-frequency (DTMF) masking technologies, which allow customers to enter payment card information and other PII directly into the telephone keypad. Such solutions replace keypad tones with flat tones, shielding data from agents, nearby eavesdroppers and even call recording systems. The agent is also able to remain on the line in full voice communication with the caller, ensuring a smooth customer journey. The sensitive data is sent straight to the appropriate third party, such as the payment processor, bypassing the contact centre’s infrastructure completely.
Semafone at the Call & Contact Centre Expo:
Semafone will be attending the Expo on 21 and 22 March. You can find the team at stand #2530.
The company has been shortlisted for the Genesys Best Security Solution Award, which will be announced on Thursday 22 March at the event.
For more information about Semafone, please visit: www.semafone.com