Call Center Cybersecurity

Contact centers deal with credit cards, personal and healthcare information. This is some of the most lucrative data hackers could steal.

In addition, they can encrypt your files with ransomware and try to get you to pay. Because of the critical nature these contact centers play in an organization, companies often have to pay the ransom if they don’t have the realtime backups ready to restore.

Mckay Bird, CMO of TCN

To get a sense of the pitfalls you should watch out for in your organization and specifically the contact center, we had an exclusive interview with Mckay Bird, CMO of TCN a leading provider of cloud contact center technology for enterprises, contact centers, BPOs and collection agencies worldwide.

In case you aren’t aware of the company, they won a Customer Product of the Year award this year for their Cloud Contact Center Platform and we broke the news last month that they teamed with Envision on WFM.

Here is the interview:

Why are contact centers big targets for hackers?

It’s not necessarily the contact centers that are being hacked, but organizations that operate consumer- based call centers for specific products. In order to help consumers resolve disputes and other customer inquiries from their CRMs, sensitive personal data is available to agents (i.e. birthdate, SSN, balances and possibly credit card information, etc.). This type of customer data is often appealing to hackers.

What are the compliance implications of a breach?

Often times the implications are monetary (i.e. fines). When a breach occurs, it can be damaging to a brand.Over time, we have seen consumers vote with their wallets and change contact center providers who have been flagged as repeat offenders.

What about customer trust?

Customer trust is built over a lifetime and lost in a day. Organizations need to implement security measures both at the call center and agent levels to ensure customers when calling in to resolve an issue. Some security measures to consider include: two factor authentication, security phrases and SMS text verification codes.

How can they stay continuously secure?

Undergo regular audits and third-party checks. This is the only way to stay ahead of the changing security requirements needed for any organization handling consumer data.

What should we know about your company and its capabilities?

At TCN, we regularly undergo independent verification of our security, privacy, and compliance controls, to further help our clients meet its regulatory and call center operational objectives. TCN’s comprehensive, cloud-based contact center platform has achieved Payment Card Industry Data Security Standard (PCI-DSS) Level 1 certification and U.S. Federal Health Insurance Portability and Accountability (HIPAA) compliance. TCN’s cloud contact center platform is secure.

What preventative measures can be taken?  

  • Do regular audits. Most audits should be automated.  There exists whole suites of tools automating things such as password rotation, sensitive data leaks, configurations, change management, and other categories.  Run these tools. Have qualified individuals review the reports. Additionally, audit things manually from time to time. 
  • Add authentication to secure systems and employee access to email. Email access and all administrative tasks on the backend should be done through two-factor authentication. Utilize tooling such as key rotation and certification based logins to automatically create rules and policies to grant and deny employee access to administrative systems.  
  • Train employees. Knowledge is power.  Train your employees to look for suspicious and suspect activity in emails. Require developers have secure coding training. Provide site reliability engineers and system administrators with training on system hardening and other site security policies and practices. 
  • Scan and Pen Test. Run automated scans for known vulnerabilities. Run a web application firewall.  Do white hat fuzzing on applications.
  • Layer access to and compartmentalize security. No one layer is secure.  Layer best practices upon best practices.  Internal applications should not, for example, relay on being internal and ignore security standards. 

We have also put together cybersecurity best practices for every organization. We urge you to read the document and live by it.

Want more?

Learn about the latest in everything you need! Cybersecuritythe Channel, IT, IOT, Edge, AI, SD-WAN, and the Future of Work at the world’s only MSP Expo, part of the ITEXPO #TechSuperShow, Feb 12-14, 2020 Fort Lauderdale, FL.