How Contact Center Information Security Became a Priority
By Salvador Padilla, Director of Information Security, Compliance and Project Management
The shift in contact center operations has significantly impacted information security. Previously, controlling access was relatively straightforward, as all users were physically located within the contact center. User accounts meticulously logged individual actions, facilitating easy tracking of system access. Additionally, servers and network equipment resided within the office environment, allowing for a clear definition of network and information security through robust firewalls and physical proximity control.
However, the landscape has transformed considerably. The onset of the Covid pandemic necessitated the rapid implementation of remote work arrangements due to lockdowns and stay-at-home orders. Consequently, almost every organization has undergone substantial changes in its information security approach over the past three years.
Navigating the Security Implications of Remote Work Environments
Extending the network into homes has created new challenges for security managers. Much of this is connected to the equipment used in the house. Some companies allow employees to use their computers – called Bring-Your-Own-Device (BYOD). Naturally, this means that the corporate network must be carefully shielded from any vulnerabilities on these computers.
Cyberattacks can be more easily created when organizations expect remote workers to connect to the central system. And hackers can target home Wi-Fi networks if they specifically target a company.
The main issue for information security policies is the expanded attack surface. In a closed-office environment with robust security controls, the system is well-protected against external attacks. Once remote workers can access the central system, many more endpoints must be protected along with additional software and networking tools.
Combine the additional remote users with a central system that now resides in the cloud rather than a locked office, and the complexity increases.
Mitigating Risks and Ensuring Data Protection
Fortunately, some sophisticated tools are available to help contact centers remain secure. At Datamart, we use Data Loss Prevention (DLP) Solutions, Intrusion Prevention Systems (IPS), Security Information and Event Management (SIEM), and NexGen EDR. These systems alert administrators and security professionals of potential attacks as they are happening. They can be used to identify weaknesses in security before they are exploited. Artificial Intelligence (AI) can monitor activity across the entire network. It can alert administrators to potential attacks as they are happening. It can also be used to identify weaknesses in security before they are exploited.
Information security has always been important for contact centers. The Payment Card Industry has policed the secure use of cards with their PCI DSS standards for over two decades. Reputable operators get certified and demonstrate that they follow the best industry practices.
With remote workers and an expanded attack surface, all contact center operators must go further. The information security team may control security. Still, security has to become cultural – it is every team member’s responsibility to keep their system secure and be aware of how hackers may attempt to gain access.
This requires training and vigilance, but this is the world we now live in. IBM has estimated that the cost of a data breach in the US is now almost $10 million. This is why asking your contact center operator how they intend to keep your data safe is essential.
If you don’t take information security seriously, your customers will almost certainly move to a company that does.