SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Securing work-from-anywhere contact centres
Thu, 20th Aug 2020
FYI, this story is more than a year old

Like many other sectors, contact centres are embracing a future of work in which employees can work from anywhere.

But now that employees are geographically dispersed and not operating under the umbrella of an on-premise, secured system, the question of how to secure the contact centre has become a key consideration.

Using a cloud-based infrastructure makes systems and processes available to all staff members as they work from anywhere, but it can also create a security risk if not adequately protected.

While the priority for businesses coping with COVID-19 restrictions was to keep the business operational, now the priority must be to ensure those measures aren't compromising the organisation's security. Flexibility will remain essential as employees continue to work from anywhere.

Cybersecurity risks continue to increase for every business regardless of industry. Call centre organisations are attractive targets because they tend to collect payment card data, personal details, and other sensitive information that can be monetised easily.

As such, contact centres must be vigilant as they pivot to the future of work.

Here are the risks which should be addressed within a contact centre setting.

Data security

Work-from-anywhere agents use a combination of chat, email, and phone, with call notes recorded in the system. Contact centres must adopt best practices to protect this information:

  • Only store customer data when necessary
  • Encrypt data during transmission
  • Use identity management to ensure only appropriate users can access data
  • Use a session border controller to authenticate phone calls over a VoIP network
  • Leverage virtual private networks (VPNs) for extra security
  • Implement intrusion detection systems to trigger alerts when unauthorised access is attempted
  • Offer a secure FTP option for data transfers.

Control and compliance

Organisations must comply with various regulations, including Australia and New Zealand's respective Privacy Acts, and Europe's General Data Protection Regulation (GDPR).

Maintaining control and compliance requires:

  • Role-based security models that let customers control what security rights they grant to users
  • Strong password policies and multifactor authentication
  • Regular security assessments to identify and address vulnerabilities or gaps
  • Clear policies and procedures around updates, maintenance and access
  • Relevant security measures such as antivirus, intrusion detection, and identity and access management.

Application security

Work-from-anywhere agents rely on cloud-based applications, so it's essential to secure these by:

  • Using a thin client or browser-based application at the agent workstation
  • Using SSL encryption to secure all communications
  • Limiting access to applications and their administration according to role
  • Creating and enforcing policies around how data is managed and stored
  • Choosing a flexible platform that allows customisation to fit security needs.

Working with a cloud-based contact centre software provider will likely mean that organisations are more secure than they would be if they continued to rely on their on-premise environment.

However, it's essential to double-check the provider's offering to ensure this is the case. Securing services in a cloud-based environment requires a layered approach and providers should be able to describe how they handle security for each layer.