Very few things can damage a company’s reputation, as does a security breach, compromising sensitive data. An article by Customer Experience Report recently wrote an article on how to ensure secure customer data. A summary of that article is below:
Customers trust that contact centers have all the necessary procedures, technology and screening methodologies in place to protect their vital private information. Even so, fraudsters are constantly developing their own strategies to hack systems and mine for data. And, the perpetrators aren’t always from the outside, making it necessary to start from within when assessing an organization’s security protocols. Contact centers can and should be proactive when ensuring customer data is secure.
10 Steps to Ensure the Security of Customer Data:
1. Assess Current Procedures
Take a look at what current procedures are in place to manage and protect data. What are the exposures to risk and are there any security gaps? Contributing factors to inside theft include:
- The type of data being handled and processed
- Staff members who should not have access to sensitive data
- Inefficient screening, training and supervision
- A high frequency of staff turnover
- Non-compliance with guidelines and regulations such as HIPAA
Organizations should bring in a third-party auditing firm who will assess the company’s current data security program and issue an extensive report specifying the findings to show that the contact center takes data security seriously.
2. Increase Security
“The best security is always layered security, and this principle holds true when securing the telephony channel. Voice biometrics can capture “bad guy” or fraudster voices and put them on a blacklist that can be used for future voice comparisons and verifications of individual callers.” Advised Avivah Litan, a Vice President and Analyst at Gartner in an article she wrote for Forbes, “This technology has been successfully used by law enforcement and intelligence agencies for a few years, including in recently disclosed surveillance activities undertaken by US intelligence agencies. However, voices can be distorted or synthesized, making it harder to identify a fraudster, which is why a layered strategy that also uses phone printing works best for fraud prevention.”
In addition to voice biometrics, customer data should be encrypted immediately when it is entered into the database. This will help to block hackers and unauthorized users. Another method of making data inaccessible is through tokenization, which is most often used in credit card processing.
Anti-phishing software can also be installed to secure email communication and block criminals from sending out fraudulent emails under a legitimate company’s name. However, before implementing any such processes, regulations should be consulted for compliance.
3. Leverage Personnel
In any data intense and sensitive environment such as the contact center, extra diligence should be taken to ensure the right staff members have access to such data and have the ability to identify possible criminal activity.
To that end, management should:
- Establish stringent hiring procedures to include background checks, screening tests and an extensive training period
- Allow access only to highly screened and qualified individuals
- Implement strong identification authentication and verification procedures
- Monitor staff activity
- Immediately revoke access to the company’s network upon termination of employment
4. Comply with Payment Card Industry Data Security Standard (PCI-DSS)
Any company that stores, processes or transmits credit card data should consider complying with the PCI-DSS, a security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
Doing so has many benefits, chief among them is:
- Confirmation that systems are secure
- An improved reputation and customer confidence
- Prevention of security breaches and data theft
5. Shore-up Defenses
Make sure that firewalls are the most current and effective, especially if employees are logging on from remote locations and if a broadband internet connection is used as both scenarios increase system vulnerability.
- Block access to non-company specific social media portals and internet usage. Such access can aid in employee theft of sensitive information.
- Monitor and track the inbound and outbound flow of data transfer to be alerted when an anomaly occurs.
- Request regular updates and patches from software vendors.
6. Run Drills
Data theft is a reality but contact centers don’t have to be caught unprepared. On the contrary, it is their duty and responsibility to protect customer information. Coordinated drills and simulated attacks should be held at least once a quarter. This exercise will help managers understand where the center is vulnerable, and enable them to take corrective measures.
In addition to voice biometrics, customer data should be encrypted immediately when it is entered into the database. This will help to block hackers and unauthorized users.
7. Build a Strong Architecture
Having a sound disaster recovery and backup systems in place is integral to not only continuing operations, but also to protecting loss of data. Even though backups are usually done at the end of each day, contact centers should consider running a simultaneous backup system so that data is constantly saved and safeguarded. This will prevent losing any data at any time, and also avoid the need to dedicate time to restoring systems that causes further downtime and potential loss.
8. Move to the Cloud
Chasing technology advancements, maintaining staff, keep on the leading edge – a lot of that can be transferred to the cloud provider, including data security measures.
9. If a Breach Occurs
- Be proactive and notify clients immediately that their personal data may have been compromised. Also alert credit bureaus and other related authorities.
- Immediately secure compromised systems in order to prevent further data loss.
- Attack types should be categorized and treated separately and forensic evidence should be safeguarded for review.
- Hire professionals in the area of data theft to diagnose the occurrence.
10. Evaluate and Update
Just like most business processes, data security is not a static procedure. Policies and procedures must be constantly evaluated for efficiency and updated with the most recent methodologies of fraud detection if they are to be effective.
Outsource Consultants are call center experts with over 25 years of outsourcing industry experience that have spent thousands of hours vetting and analyzing the strengths and specializations of the industry-leading outsource call center vendors. If you’re considering call center outsourcing, simply call 888-766-4482 or request a free call center cost proposal today and we’ll help you find the solution that best fits your exact requirements.