Are contact centres soft targets for stealing your personal data?
“Social engineering, such as advanced phishing, pretexting, baiting and tailgating, are still the most common ways for hackers to steal personal data, and contact centres could be a soft target for them, if not properly managed,” says Neil Van Der Merwe, Information Technology Executive at Merchants SA.
According to the World Economic Forum, cybercriminals are using more advanced and scalable tools to breach user privacy, and they’re getting results. Two billion data records were compromised in 2017, and more than 4.5 billion records were breached in the first half of 2018 alone.
“Not to mention the recent personal data breach of over 200 000 travel customers, whose calls were recorded and stored via an unsecured web services server, a UK based company Teletext Holidays,” says Van Der Merwe.
So what potentially makes outsourced contact centres such soft targets? By their very nature, contact centres are managing large amounts of data daily, people working as contact centre agents are dealing with the data and new tech like AI, webchat and automation could be a weak link.
However, what consumers, don’t realise, is that when managed properly, contact centres aren’t actually capturing the data, but rather processing it through a company’s own internal systems, therefore providing effective screening measures against hackers.
In the case of Merchants, through its Dimension Data and NTT offering, contact centres also provide 24/7 global threat monitoring services to bolster security through continuous risk assessment. This ensures contact centres are continuously improving their security against hackers and keeping abreast of the latest tactics which are being employed.
“There are three main cybersecurity risks for companies to consider when using a BPO service, such as contact centres, to manage their customer experience while keeping personal data safe,” says Van Der Merwe.
An unsecured contact centre environment: Getting the basics right is critical and it’s about putting simple cybersecurity hygiene practices in place. Agents are not allowed to bring their personal devices into the contact centre, the Wi-Fi or mobile data is blocked by signal jammers and the environment goes into complete lockdown.
Other measures include contact centres not having access to email, internet browsers or instant messaging. The computer they sit behind can only use the secure software system needed to manage customer experience and enquiries and the information contained is fully encrypted. “We also regularly use outside service providers to ‘hack’ our own systems and test for vulnerabilities,” says Van Der Merwe.
The people: Without question, people are a big risk when it comes to security breaches. Data has a high value on the black market and is considered a quick and easy way to make some money. On the other hand, contact centre agents could be externally threatened or targeted by hackers through blackmail and coerced into assisting in an attack.
“The most effective way we mitigate this risk is through vigorous background screening, personality evaluation, investment through career development and, of course, training,” says Van Der Merwe.
“Contact centres which don’t ensure high levels of employee engagement will experience high levels of churn and disgruntled people. You also cannot simply onboard someone into the centre, they need continuous training and be kept abreast of new threats or hacking tactics.”
New tech adoption: A common response to the ‘people risk’ is often, adopt more technology, but this can also have its drawbacks. As with all new technology, it is not yet clear what weak points exist. Never mind the fact hackers themselves are also using tools like artificial intelligence for malicious purposes.
AI systems are cheap, scalable, automated and anonymous. Companies are testing the water with verification tools such as biometrics, interactive voice response and one time pins. “But companies must consider consumers still want to deal with people, and not all are completely comfortable with a fully automated experience. The technology is there to enable the contact centre agents while the people provide trust and expertise to the customer,” says Van Der Merwe.
Another big role contact centres can play is how they communicate with consumers about their personal data and provide transparency. A recent global IPSOS survey found only a third (36%) of participants trust organisations with how they handle their personal data while almost two-thirds (64%) said they would be more comfortable sharing their data if they were promised the information would not be given to third parties or can prove they have never been hacked.
“A secure contact centre goes hand-in-hand with effective customer experience because agents can build trust with consumers and the company on how their personal data is used, stored or shared. And it starts with ensuring your outsourced contact centre has the right cybersecurity measures in place to mitigate risk,” says Van Der Merwe.