It is no secret that remote working, either full- or part-time, is now the norm for a significant percentage of the working population, including contact centre workers. However, this has brought to the fore new challenges in how we manage data access and protection.
In 2020, we were forced to make rapid changes to how and where we worked, with an estimated 4.3 million Australians working from home at some point during the COVID-19 pandemic. We had to swiftly accommodate remote data access, increased work volumes and unsecured home-based internet connections.
As we established our new normal in record speed, cybercriminals began to exploit new data security gaps just as quickly. Furthermore, the potential for more eyes on our work at home exposed us to the risk of privacy breaches.
We now have an opportunity to reflect on how we manage data security and privacy and adopt protocols that will better protect staff and customers.
Why is data security so important?
The threats to data security and privacy are external from hackers and scammers, and internal from customer service representatives who copy and sell data, use personal payment information for themselves, or fall victim to a phishing scam.
Proper data security protects your organisation in four crucial ways:
- It contributes to your compliance with national and international data security and privacy laws relevant to your organisation. You may need to abide by laws in more than one country, depending on your and your customers’ locations. In Australia, this is the Privacy Act and the Australian Privacy Principles. If you have customers located in the European Union, you must comply with the General Data Protection Regulation (GDPR).
- It minimises internal and external opportunities for data mishandling and theft, identity fraud and scams. These activities constitute breaches of the Australian Federal Government’s Cybercrime Act 2001, which are considered criminal offences.
- It helps you maintain data integrity. Minimising the number of people who can access data reduces the frequency of unintended changes and mistakes.
- It maintains customer trust and protects your brand’s reputation. There is an unspoken agreement between companies and their customers that they will keep data safe and secure. Breaches in data security put you at greater risk of permanent damage to your organisation’s reputation and may cost you customers in the long run.
Why working from home places contact centres at risk
Contact centres have long been targets for cybercrime as they hold and process high volumes of personal data, including financial information.
With Australians frequently working from home due to office attendance limits and snap lockdowns, cybercriminals are taking advantage of unsecured internet connections and phone lines, personal devices and hastily constructed online security measures.
A particularly worrying phenomenon is a significant increase in phishing attacks, where hackers target employees with malicious links disguised in legitimate-looking emails. When clicked, these links download malware, such as keylogging software that tracks employees’ every keystroke. Cybercriminals record login credentials and gain unauthorised access to a company’s network.
The security threats are not just external. The practice of password sharing between colleagues is problematic as it can allow hackers to access a multitude of systems. Often unavoidably, Wi-Fi passwords are shared among households, and devices are used for both work and personal reasons.
Staff may also unintentionally compromise data privacy when they work in communal spaces. Family members or housemates may overhear phone calls or see customer information on screen.
Thankfully, there are several ways to tighten data security and privacy measures to make working from home safer for your employees and your organisation.
How to help remote workers protect your contact centre’s data
A comprehensive approach that encompasses training, hardware, software and your longer-term IT strategy is the best way to ward off data security breaches.
- Move to an environment that was specifically built for the cloud. Contact centre software, such as that developed by Premier Contact Point, allows for a seamless transition between home and on-premise working without compromising your security. Furthermore, IT Brief recommends choosing a cloud environment that offers remote agent tracking and communication tools so that staff can flag suspicious activity quickly.If you are already using a cloud service, speak to your provider about security protocols. For example, do they use SSL to encrypt all communications for transmission? Can you customise user access levels?
- Offer regular staff training on cybersecurity, data privacy regulations and compliance measures. Use online training and webinars to educate staff on risks they face when working from home, how to comply with company and government regulations, and how to identify suspicious activity.Asking staff to undertake refresher training annually will help keep cybersecurity and data privacy top-of-mind.
- Mandate the use of the company-owned devices, accessories and protective software. Using personal devices and unsecured home connections is one of the biggest threats to data security. If possible, ensure that remote workers use company-issued devices and accessories that are preconfigured with appropriate firewalls, intrusion detection systems and anti-virus and anti-phishing software.If you allow team members to use a personal laptop, this should be done in accordance with a stringent bring your own device (BYOD) policy.You may also wish to consider adding two-factor authentication to software that holds sensitive data to increase your resilience to hacking.
- Establish working from home security protocols. Your protocols will need to cover both technology and the working environment. On the technical side, ensure staff use company-issued equipment (as per the point above) and access the corporate network and cloud-applications using a Virtual Private Network (VPN). Staff should have strong passwords which they change regularly and do not store anywhere. Staff should conduct calls via VOIP as mobile phones can capture data and pose a security threat. Regarding their working environment, where possible they should work alone or in a space where their desktop is not in sight of other people. The computer should be password locked when unattended and secured at night when not in use. Information should never be printed out or kept in spreadsheets.
- Review your measures for protecting data during financial transactions. You should already be following the guidance set out by the Payment Card Industry Security Standards Council. Credit card information must be protected by access controls, network segmentation, and encryption. Your contact centre software provider should help you meet your PCI DSS obligations using integrations with your payment processing solution. You can also request that staff working at home take secure contact centre payments via dual-tone multi-frequency (DMTF) masking technology, allow customers to pay via smartphone or use voice biometrics.
- Ensure that you implement least privilege user access (LUA) on all systems. Employees should have the minimum level of access to customer data required to perform their work. Most database software and contact centre software offer this feature, but it is worth regularly reviewing user access levels.
- Incorporate remote working needs into your digital transformation plans. When planning future digital transformations, have a remote-first mindset. This will ensure that you prepare for the worst-case data security and privacy scenarios and seek solutions to address these as part of your broader IT strategy.