02 April 2018

Physical Cybersecurity in the Contact Center

Written by Nicole Robinson, Posted in Contact Center, Unified Communications

Physical Cybersecurity in the Contact Center

 

Modern businesses are obsessed with cybersecurity. And with good reason. By 2021, the damage caused by cyber crime will exceed $6 trillion annually.

You’d be crazy not to protect your business from cyber attacks. We are so concerned, however, with protecting ourselves that we forget about the most vulnerable target of all: humans. Contact centers are extraordinarily susceptible to data breaches caused by human error.

Vulnerability in the Contact Center

Contact center agents use empathy to create successful and positive customer interactions. They frequently make concessions so that customers are left with positive feelings about the business. Customers know this, and they take advantage of it. Sometimes this manifests in relatively innocent ways, when a customer uses anger to score a discount on their phone bill. Many agents are tasked with making customers happy, so they will offer discounts, coupons or even product and service upgrades. The alternative manifestation, however, can be significantly more malicious.

Cyber Attacks Take a Physical Form

Imagine a customer calls in on behalf of their elderly parent. They claim that their parent just set up a phone plan with a new device. The elderly parent has forgotten their password, and the caller needs to login and configure their services. The customer apologizes, but seems exasperated and just wants to help their parent. An agent would imagine that helping this caller is a harmless endeavor, but the reality is much more sinister.

This caller is a type of cyber attacker that uses physical means and takes advantage of human error to steal sensitive information. Using a tactic called social engineering, the caller takes advantage of agents’ empathy, and use the power of conversation to gain access to the personal information of unsuspecting victims. This new type of cyber attack can’t be prevented with firewalls and encryption, so how do you protect your organization and your customers from this?

Safeguarding Against Social Engineering

Naturally, you want to protect your contact center and your business from these types of attacks. The simple answer is to teach your agents to be suspicious and standoffish with callers to ensure information doesn’t land in the wrong hands. Obviously, the problem with this is that your agents are there to provide service and improve the experience of customers. Treating every customer as a potential cyber attacker contradicts that objective. Rather than forcing agents to straddle the line between helping customers and protecting the organization from breaches, you can simply build safeguards into your operations to defend against social engineering. Here are some best practices you can use to create a foolproof social engineering security strategy:

Two-Factor Authentication: Two-factor authentication is a powerful tool for protecting customers. You can use this in a number of ways. The caller can receive a code by text on their mobile device, they can have a security question set up, or agents can even verify personal details to confirm a caller’s identity. The key to effective two-factor authentication is to use it in a way that can’t be circumvented by attackers. For example, if you enable two-factor authentication via email, and the attacker hacks the customer’s email, they can get through this barrier.

Agent Training: This may seem obvious, but agents need to be trained to detect social engineering attacks. If there is a mechanism for agents to flag potential social engineering attacks, you can escalate interactions to a supervisor, or enact a security protocol, such as two-factor authentication.

IVR Flow: Adding verification steps into the IVR flow can help deter attackers before they ever reach an agent. This can involve answering security questions, entering a customer-defined PIN, or even using caller information to identify the customer.

PCI Compliance: A PCI-compliant contact center not only ensures that credit card data is secured from attackers, but also trains agents on best practices for handling credit card information. To take it a step further, you could even a solution such as ice Pay that allows customers to enter credit card information securely without the agent ever reading or processing it.

Top-Down Approach

There are a number of ways to build a “physical” cybersecurity strategy in your organization. The key is to take a top-down approach, where the directive comes from top management. Ensure that there is cybersecurity engagement at every level of the organization. Any holes in the strategy will leave you vulnerable to social engineering attacks. Cybersecurity threats occur at every level of the organization and in a number of different ways. Being prepared can save your organization millions of dollars.

 

Share

blog comments powered by Disqus

About the Author

Nicole Robinson