Securing your contact centre from internal threats.

Any breach can have significant implications for the business, resulting in broken customer trust, and possible reputational and financial damages.

Addressing security challenges in a changing contact centre landscape

Securing your contact centre against these hidden dangers, whether they stem from malicious or accidental breaches, requires a comprehensive security strategy and the right technologies to detect and mitigate the rising threat from within to keep operators one step ahead.

Martin Cross, CTO at Connect, explains that a major risk is the evolving contact centre agent profile due to the influence of AI.

“AI supports chatbots and automates processes, freeing agents from everyday tasks to focus on more value-adding higher-order tasks. AI also supports agents in this role by surfacing more data, enhancing engagements in real-time with relevant and often sensitive data.”

According to Cross, the challenge facing contact centre operators in this evolving environment is finding and retaining the talent to perform these tasks.

“Supporting distributed workforces through remote working is one avenue to address the challenge posed by finding and retaining talent and offers additional operational and performance benefits, like a wider staff demographic, access to scarce skills, and the ability to scale capacity during high demand periods through micro-shifts, which all help to enhance customer service and delivery.”

However, a distributed workforce also increases security risks without the right processes and solutions to control access to sensitive data and manage insider threats.

“Contact centre operators that support remote, offshore or outsourcing models must find the right combination of partner expertise and solutions to manage risks by retaining control of their data,” asserts Cross.

Identity (ID) management solutions play a pivotal role in protecting customer and company data by ensuring that the people who access systems are who they say they are and have permission to do so. In this regard, endpoint security solutions become vital tools in the battle to protect sensitive information from malicious actors.

“Having the correct endpoint security solution in place is about ensuring that a person holds the appropriate credentials and authority to access the contact centre system on the correct and healthy device, in an acceptable location, at the correct time of day,” explains Keith Bowie, CIO and SVP of Engineering at SessionGuardian. “These solutions ensure no unauthorised eyes can see your sensitive or regulated data.”

This requirement extends to third-party outsourced providers as an operator is ultimately responsible for managing data access to meet user privacy and data security regulatory requirements across all vendors and partners, adds Bowie.

“As such, it is vital to align processes and procedures around data management. This process starts with an audit that ensures all solutions in place meet company and regulatory requirements, including physical security in at-home and third-party environments.”

Implementing effective insider threat mitigation strategies

Green adds that the Insider Risk Mitigation Framework developed by the National Protective Security Authority (NPSA) in the UK offers a recommended approach to help businesses understand and mitigate insider risks.

“The framework includes a 10-stage process that identifies the highest priority areas for remediation, providing a prioritised focus for insider risk mitigation, starting with an insider risk assessment.”

The insider risk assessment identifies the most important assets in an operation, including personal data, to determine the “crown jewels”.

“The next step involves identifying potential threat actors and assessing them against the risk framework to understand what security risks your organisation faces to develop appropriate and proportionate security mitigation measures,” continues Green.

These mitigation measures include policies, standards, guidelines, procedures, processes and technical solutions to reduce risks.

“While a contact centre operator can never reduce risk down to zero, with the right combination of these measures they can bring their level down to align with their risk appetite.”

In this regard, the NPSA states that it is critical to ensure proportionate policies, standards, guidelines and procedures are in place and that these are understood and consistently enforced in any successful insider threat programme.

This should include appropriate physical and technical measures alongside stringent employee screening and vetting and personnel security measures to deliver security in an integrated manner.

A good security culture in the organisation is another essential component of a robust protective security regime that helps to mitigate insider and external threats.

“Ongoing security education and training is also necessary to ensure agents know what policies, standards, guidelines and procedures are in place to maintain security,” adds Green.

In addition, appropriate investigation and disciplinary practices are essential to ensure agents adhere to these security policies and processes.

From a monitoring and detection perspective, operators must implement ongoing risk management measures to identify high-risk behaviours.

“Leveraging tools that support agent monitoring helps operators effectively recognise and deal with potential security or personal issues that may impact an employee’s work to keep the operation running at a tolerable level to its risk appetite,” says Green.

The other vital element to monitoring and detection relates to regular testing and reviews, including incident response scenarios, which ensures operators can implement the appropriate response in real-world scenarios.

“Lastly, operators should continuously review any insider threat mitigation strategy to measure the effectiveness of any resources used and that it correctly reflects the current threats and vulnerabilities in your organisation,” concludes Green.

This content was developed from insights and discussions shared during The Threat from Within: Securing your Contact Centre webinar hosted by Connect, BLOCKPHISH and SessionGuardian. You can view the webinar by clicking here. 

About‘Connect.

Connect combines global contact centre and customer experience (CX) expertise, deep domain knowledge, and unparalleled industry skills to make the complex, simple. Since 1990, we have leveraged our vendor-independent managed services approach to digitally transform how organisations communicate, both internally and externally. We specialise in combining the most relevant technologies and services from leading vendors and platform providers to create opti-channel engagement solutions, orchestrating frictionless experiences and simplifying complex communication challenges.

Connect with us Connect UK, Connect South Africa, Connect India, Connect USA.