Byron Copley at Five9 explains how contact centres can prioritize their cybersecurity methods.
Contact Centre Cybersecurity Methods, Tools, and Common-Sense Practices to Prevent Data Breaches
We offer some common and not-so-common contact centre cybersecurity methods to help prevent disruption of your business. Hackers continually attempt to breach your contact centre’s database. One day, they might break in.
At present, hackers worldwide attack businesses of all sizes, from global corporations to the obscure corner shop.
Data is the new coveted prize, and there’s more than enough for hackers to plunder, disrupt, and restrict while concealed at the kitchen table, basement couch, warehouse desk, and even in the sanctuary of certain foreign government buildings.
A Multitude of Cybersecurity Methods
Of course, you know that your contact centres are data gold mines with a wealth of information that cybercriminals want.
It’s almost instinctive for hackers to stalk your databases. Imagine foxes pacing along the wire of an enclosed chicken coop––circling and probing to exploit a weak spot in the perimeter.
Then, they pounce, leaving you to deal with havoc. Security measures do not deter! They are merely in the way until hackers discover a way in.
Contact Centers Should Employ a Multitude of Different Cybersecurity Methods, Including Those Not Required by Mandatory Standards
Otherwise, it could be ransomware. Like Kronos or Colonial Pipeline. Or a malicious software update à la SolarWinds. Perhaps a Distributed Denial of Service (DDoS) interruption.
Maybe even a Telephony Denial of Service (TDoS) occupation. Phishing expeditions still fool enough people for hackers to cast nets targeting millions of email addresses.
Want information on the scope of worldwide cybersecurity breaches in 2023?
However, these numbers for October alone tell the sobering story quite well.
- Number of incidents in October 2023: 114
- Number of breached records in October 2023: 867,072,315
- Number of incidents in 2023: 953
- Number of breached records in 2023: 5,367,966,200
Whatever the Method of the Data Breach, Your Contact Centre Could Be Next
According to the Identity Theft Resource Center, reported data breaches in the United States in 2023 as of October 11 have already surpassed 2022 numbers.
The data types exposed included credit card numbers, Social Security numbers, names, emails, addresses, and dates of birth—in the billions—all accessible in contact centres.
In the contact centre space, virtually all data breaches involve an employee/agent acting as an accomplice—either unintentionally or willingly.
Here are some more sobering statistics on the cost of cybercrime.
However, all the news is not this bleak. Many contact centres do apply common-sense safeguards that block backdoors of opportunity. And that’s good—they all just need to do more. Your contact centre probably needs to as well.
Thankfully, our contact centre customers consistently ask how to enhance their servers’ security.
We hear a lot of encouraging requests because they are the right countermeasures that we, along with our partners, can meet. However, not all our potential customers always raise these concerns, so we remind them.
Data Encryption 24/7/365
For example, data encryption is usually one of the first concerns raised, accompanied by “Where will you store our data?” Encryption seems like a basic safeguard, yet, according to Statista, 25% of the world’s data that requires security is still unprotected.
We recommend—and do our part to help ensure—that all our customers’ data is encrypted when at rest, in transit, or in flight to minimize the chances of interception.
But keep in mind that hackers monitor internet traffic the way that Frank and Jesse James tracked train schedules, and they both struck when their targeted treasures left the safety of a secure server or a bank vault.
Even with encryption, hackers can steal customers’ personal information and access their data, so we’re getting added inquiries about technology like phone printing, which can pinpoint the actual location of a mobile phone to prevent Caller ID spoofing.
Such technology is essential for cybersecurity. Human agents need certainty that a customer who wants to authorize a credit card for overseas use isn’t someone in Reykjavík, Iceland, claiming to be from, for example, Royal Oak, Michigan.
Detect a Scam in Progress
And here’s a pro tip. Contact centre managers who monitor the length of every call that reaches an agent can help stop cybercrime before it occurs.
When an individual call exceeds the expected length, it’s time to consider that a possible scam is in play.
It could be a vishing scheme, where the caller assumes the identity of a customer or someone in authority, like our caller from Reykjavík. That’s when a manager should check in with the agent for clarification or to help.
This is especially important with the proliferation of inexperienced agents working at home. To keep costs down, entry-level agents often receive the bulk of deflected IVA and IVR traffic.
They need to balance sound customer service with sound security practices, and they shouldn’t rely on their hunches.
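One way to turn the call-length check described above into a supervisor alert, as an added example that is not from the original article or from Five9. The queue names, record fields, thresholds and all sample data are constructed assumptions; a flagged call is a prompt for a check-in, not proof of a scam.

```python
from statistics import median

# Constructed history: completed-call durations in seconds, per queue.
HISTORY = {
    "billing": [310, 295, 340, 360, 280, 325, 300, 415, 290, 335],
    "card_services": [180, 200, 175, 220, 190, 210, 185, 195, 240, 205],
}

# Constructed snapshot of calls currently in progress.
ACTIVE_CALLS = [
    {"call_id": "c-1001", "agent": "agent-17", "queue": "billing", "elapsed": 330},
    {"call_id": "c-1002", "agent": "agent-04", "queue": "card_services", "elapsed": 960},
    {"call_id": "c-1003", "agent": "agent-22", "queue": "billing", "elapsed": 1500},
    {"call_id": "c-1004", "agent": "agent-09", "queue": "new_queue", "elapsed": 4000},
]

def expected_limit(durations, k=5.0, min_samples=5):
    """Duration (seconds) above which a call counts as longer than expected.

    Uses median + k * MAD (median absolute deviation) so that a few past
    marathon calls do not inflate the limit. Returns None when there is
    too little history to judge the queue.
    """
    if len(durations) < min_samples:
        return None
    med = median(durations)
    mad = median(abs(d - med) for d in durations)
    return med + k * max(mad, 1.0)  # floor keeps the limit usable if spread is zero

def calls_to_review(active_calls, history, default_limit=900):
    """Return in-progress calls over their queue's limit, worst first."""
    flagged = []
    for call in active_calls:
        limit = expected_limit(history.get(call["queue"], []))
        if limit is None:
            limit = default_limit  # unknown queue: fall back to a fixed cap
        if call["elapsed"] > limit:
            flagged.append({**call, "limit": limit,
                            "over_by": call["elapsed"] - limit})
    return sorted(flagged, key=lambda c: c["over_by"], reverse=True)

if __name__ == "__main__":
    for c in calls_to_review(ACTIVE_CALLS, HISTORY):
        print(f'{c["call_id"]} {c["agent"]} {c["queue"]}: '
              f'{c["elapsed"]}s (limit {c["limit"]:.0f}s) -> supervisor check-in')
```

Keeping the baseline per queue matters because a normal billing dispute and a normal card-services call have very different expected lengths.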
Cybercriminals Discover Vulnerability
As a result, voice biometric authentication is gaining popularity because hackers who have already pilfered the answer to “what is your favorite book” will not get past the scrutiny of matching their voice prints to the customers they impersonate.
With cybersecurity, if a human being is the last line of defense, cybercriminals eventually discover vulnerability.
It’s one reason our customers request OAuth—an authentication tool that retrieves user passwords from one access point rather than from individual applications.
OAuth stores all passwords in a single secure location, which helps prevent password theft. It minimizes the chances of agents entering passwords in multiple applications, which reduces the opportunity for hackers to find them.
This feature is important when data is integrated from many disparate sources and is displayed on a unified dashboard to supply a single service-enhancing view of the customer.
Build Your Contact Centre Cybersecurity Arsenal
Another cybersecurity concern we address with our customers is compliance with FIPS 140-2 (Federal Information Processing Standards), which “specifies the security requirements that are to be satisfied by the cryptographic module utilized within a security system protecting sensitive information within computer and telecommunications systems (including voice systems).”
Many contact centres have contracts with U.S. government agencies and, therefore, need to abide by these stringent requirements. However, contact centres not affiliated with the federal government should also adopt FIPS-140.
This is now becoming the case for many healthcare and financial organizations. It may take some time, but it’s time well spent, because FIPS-140 adds a hard-to-breach security layer.
How Many Cybersecurity Methods Are Required? As Many as Possible.
Contact centres should also adopt PCI-DSS (Payment Card Initiative Data Security Standard), which, among other things, promotes the encryption of phone conversations to prevent the recording of credit card numbers to unstructured data files like .WAV or MP3.
Dual-Tone, Multi-Frequency (DTMF) masking and suppression emits an identical monotone rather than the tell-tale sound of individual numbers when a customer enters, for example, a credit card number on a telephone’s keypad.
Contact centres also ask for session timeouts as a requirement to minimize the risk of security breaches.
Extended open sessions increase the vulnerability of a database to hackers. Fortunately, proven technology kills the session IDs when the pre-determined auto timeouts activate.
When you add these recommendations to those spelled out in Aceyus’ 2021 blog, it’s quite an arsenal. Remember: A contact centre can never have too many cybersecurity safeguards!
Social Engineering: Cause #1 of Data Breaches
Finally, with all the technological advancements and billions spent on cybersecurity, there is no substitute for the application of a little common sense, which is mostly free of charge.
Common sense is the best method to protect against the largest single cause of data breaches—social engineering.
According to Proofpoint, a firm that specializes in cybersecurity, more than 70% of all data breaches start with phishing or social engineering.
Purplesec pinpoints that number at 98%. Even the most experienced IT professionals have revealed their credit card numbers, Social Security numbers, passwords, and other sensitive data for exploitation.
Here’s an interesting statistic from 2018: 43% of all IT professionals claim to have been targeted by social engineering schemes.
Social engineering is especially destructive in the contact centre space, which supplies limitless opportunities for a clever hacker to convince a vulnerable contact centre agent to divulge sensitive information.
Common-Sense Cybersecurity Methods
With the proliferation of at-home agents, it’s critical to apply a few fundamental safeguards. For example, never write personal customer information on pieces of paper or repeat it aloud with other occupants present. Even something as simple as working in a space with the door closed increases security.
There are other tools to aid such common-sense measures. We mentioned the effectiveness of phone printing and voice biometric authentication, which takes the guesswork out of who’s on the other end of the line and where they are calling from before the damage is done.
There are even applications available that end an agent-customer video call if another individual steps into camera view on the agent side. It may seem extreme, but, these days, is anything sacred in the realm of cyberspace?
Never Open Unfamiliar Website Links or Emails!
One last consideration: the more audacious the request, whether on a call, text, chatbot, or email, the more likely it’s a scam designed to create a data breach.
Case in point: How does anyone know if the person hoisting the 46-inch flatscreen through the main exit of the big box store isn’t simply stealing it? Are you aware that it’s a tactic among thieves to make a bold move like this and see what happens?
That’s where the TVs are, right? So, why not walk in and walk out?
It’s the same with the data stored in contact centre databases—why not just ask for it?
Ultimately, then, to prevent virtually all contact centre data breaches, never (ever!) open email or website links from unknown or suspect senders or offer privileged information to unauthenticated and unauthorized customers.
Before you think this is rudimentary advice, keep in mind that more than 3.4 billion phishing emails are sent out worldwide—every single day.
So, make cybersecurity a high priority for your contact centre. Always make hackers work at gaining access to your invaluable data. Keep the foxes out of the chicken coop.
The best strategy to foil hackers’ attempts to breach your contact centre database is to adopt a layered approach that plugs and overlaps all the potential cracks in your cybersecurity plan. Hackers only need one fissure to split wide open, and they will never stop trying to breach cyber perimeters.
This blog post has been re-published by kind permission of Five9.
Author: Five9
Published On: 4th Apr 2024 - Last modified: 6th Dec 2024