Blog - Security

How Secure Is Your Provider?

03/31/2016

Hand holding a speech bubble with "Data Breach" words. Security concept.

Google “security breaches.” See your company’s name? No?

Good, there’s still time to make sure you don’t end up on that list.

Sad truth: Data breaches are accelerating across all industries, with the retail and public sectors being most vulnerable. Along with credit cards, government records are among the most sought by identity thieves.

An up-and-coming target for hackers is health records. They might even prove more valuable than bank and retail records, enabling not only insurance fraud, but also providing a source of rich identity data.

These targeted industry segments are the very ones supported by call or contact center providers.

 

Ensure a Complete System

When it comes to protecting customer data, anything less than a holistic approach is flawed.

Your data is only as safe as the most vulnerable link in your system, including the partners with which you share data.

Call or contact centers with your best security interests in mind use an integrated approach—from vetted agents to hardened infrastructure to locked-down data. All three should be combined for continuous protection. Here’s a checklist.

 

Agents
Ensure agents adhere to strict administrative procedures and industry security standards.

  • Verify agent certifications, work backgrounds and security clearances.
  • Secure their workstations, with restricted PC functionality and clean-desk policy.
  • Monitor agent performance for consistency, enforcing protocols.

Infrastructure
Develop comprehensive infrastructure security—tested with penetration attempts and vulnerability scans.

  • Integrate recovery, redundancy and failover across data centers and networks.
  • Configure system security plans for all hardware and software.
  • Detail network security for firewalls, backups and intrusion detection.

Data
Adhere to industry standards—including compliance with Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (DSS) Level 1—plus do more.

  • Protect with authentication, access controls and integrity verification.
  • Secure in-transit data with encryption, monitoring and alarms.
  • Exceed industry standards with additional common-sense measures

 

Build on the Basics

Data masking, for example, blocks confidential customer information, including credit card or Social Security numbers. While masking should be standard practice, it’s not yet an industry norm.

Some call or contact centers are exploring practices that intermittently videotape agents. Others are rolling out a virtual desktop, providing stricter controls over agent activity from a central data center.

Following industry standards is essential, but not enough. Service providers must extend security beyond accepted practices to further protect client businesses and consumer privacy.

 

Ask Right Questions

Fact is: Protecting data and privacy needs to be a state of mind—before it can become state of the business.

Before handing over your customers’ data to a call or contact center, ask these five common-sense questions. Does the service provider:

  1. Run a failsafe network—based on past intrusions?
  2. Manage system vulnerability—planning for the worst?
  3. Implement access controls—with foolproof verification?
  4. Monitor and test networks—without fail?
  5. Maintain a security policy—in practice vs. on paper?

These practices are fundamental to running safe operations. And given the times, it’s wise to know security is embedded throughout—before getting into bed with any provider.

Best to know now. Than the morning after.

 

 

 

Menu