Five (5) Basic Data Security Protocols Every Call Center Should Have

February 15, 2019 Ronnie Mize

In a study out of the Clark School at the University of Maryland, researchers found that there is a hacker attack approximately every 39 seconds. A cyber-attack on a private user can be devastating enough, but in a call center that handles sensitive customer information daily, a data breach can be disastrous. Corporate security should be a top priority in every call center. Here are five ways to protect your customers, your employees, and your company.

  1. Install Strong Perimeter Security and Protective Software

Call center data security hinges on how well your systems are configured and your network’s protection capabilities. You must be able to control what information can get in and out of your infrastructure. You should also have measures in place to thwart malicious attempts to infiltrate your systems and steal or corrupt sensitive data. To accomplish this, you need both a firewall system and anti-virus/anti-malware software.

This first protocol works at multiple points: defending the perimeter and defending inside it. When we discuss perimeter control for the organization, we are discussing the outer layer of the network infrastructure. Think of it this way: you have a secure building with one entrance. That entrance has a security guard who controls who enters and who leaves, as well as what each person can bring into the building and what they are allowed to leave with. The building represents your network, and everything inside is what resides within your network (files, users, computers, etc.). The security guard at the single entrance represents your firewall, and how well he or she performs the task represents how well your network is guarded.

A firewall is a virtual boundary between your network and the outside world. It is your network’s gatekeeper, so to speak. It uses a defined set of rules to determine what information is allowed into the network and what information can leave the network. It can also be used to control external access for employees through a configured whitelist. It is important to have a firewall to protect the security of the organization, but it may also be helpful to have additional protection for the call center itself, preventing private customer information from leaking even to other parts of the organization where it isn’t needed.
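The rule set, the whitelist and the extra boundary around the call center described above can be modeled in a few lines. This is an added example, not part of the original post; the addresses, ports and function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption): call-center agents, the customer
# database they use, one whitelisted external service, one public web server.
RULES = [
    # (action, source network, destination network, destination port or None)
    ("allow", "10.20.0.0/24", "10.20.1.10/32", 5432),    # agents -> customer DB
    ("deny", "10.0.0.0/8", "10.20.1.10/32", None),       # rest of the company -> DB
    ("allow", "10.20.0.0/24", "203.0.113.25/32", 443),   # whitelisted outbound site
    ("allow", "0.0.0.0/0", "10.30.0.5/32", 443),         # inbound to public web server
]


def decide(src, dst, port, rules=RULES):
    """First matching rule wins; traffic that matches no rule is denied."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"


def shadowed(rules=RULES):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    net = ipaddress.ip_network
    hits = []
    for j, (_, s_j, d_j, p_j) in enumerate(rules):
        for _, s_i, d_i, p_i in rules[:j]:
            if (net(s_j).subnet_of(net(s_i)) and net(d_j).subnet_of(net(d_i))
                    and p_i in (None, p_j)):
                hits.append(j)
                break
    return hits
```

Running `shadowed()` after every rule change catches ordering mistakes, such as a broad deny placed above the allow it was meant to follow.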

No matter how strong your firewall is, there are still ways that a malicious actor can gain access to your systems. Someone introducing a malicious file to your file system (knowingly or unknowingly) is always a consideration. So is a phishing email that gets an employee to click on an attachment or link, causing malware to be downloaded to your internal systems through their workstation. These scenarios make it possible for a hacker to still gain access to your infrastructure. Malware can infect your network, causing it to malfunction, leak private data, open back doors for malicious actors, etc. Every system (workstations, servers, mobile devices, etc.) accessing your network should have anti-virus software installed to protect against malware that gets past the firewall. Multi-layered security increases the protection of your network and the sensitive data it contains.

  2. Ensure Employees Use Complex Passwords and Understand How to Keep Them Safe

A strong password is one of the easiest ways to safeguard corporate security. I have seen so many people use easy passwords that can be easily cracked, and yet passwords are the core protection component of our identity security. An excellent password is devoid of information that is easy to obtain, such as your birthday, pet names, etc., and it should not include common words or digits that are together on the keyboard. Passwords can be easy for you to remember but should contain a combination of upper and lowercase letters, numbers, and special characters. By using a combination of these, it becomes increasingly difficult for the password to be cracked.

A single set of credentials should not be used by multiple individuals to access an account or system. Each employee's credentials should be traceable back to that employee alone, and the password should be known only to them. Having a unique password for each system limits access in the event of a breach. This practice can protect the main network if only one account is compromised. You can set up rules to ensure that employees choose passwords that are complex and difficult to crack. Several free password managers such as https://www.LastPass.com/ and https://www.Dashlane.com/ are available for establishing and remembering complex passwords.
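The rules described in this section (no personal details, no common words, no keys that sit together on the keyboard, and a mix of character types) can be enforced when a password is set. The checker below is an added example, not part of the original post; the 12-character minimum, the short word list and the function names are assumptions.

```python
import re

# Constructed sample data: a tiny deny-list and the keyboard rows (assumptions).
COMMON_WORDS = {"password", "welcome", "letmein", "callcenter", "summer"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_keyboard_run(password, run=4):
    """True if `run` consecutive characters sit side by side on one keyboard row."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def check_password(password, personal_info=(), min_length=12):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:  # minimum length is an assumption, not from the post
        problems.append("too short")
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing " + name)
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common word")
    if has_keyboard_run(password):
        problems.append("contains adjacent keyboard keys")
    # Personal details (birthday, pet name) are easy for an attacker to obtain.
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information")
            break
    return problems
```

In production the word list would be a full breached-password list rather than five entries.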

Rotating passwords at a minimum of every ninety (90) days will greatly reduce the likelihood of your credentials being cracked and can also prevent repeated access to the same account.

  3. Encrypt Sensitive Information at Rest and in Transit

Unless you have been living under a rock, you have heard the quote “There are two types of companies, those that have been hacked, and those that don’t yet know they’ve been hacked.” If this is true, what happens once an organization is infiltrated? We must look at the primary purpose of someone maliciously gaining access: to access and exfiltrate protected information. What if we look at it from this point of view? Even if they access the information, they can’t do anything with it. They have gone through all that effort to gain access to something they can’t even use!

If your call center is receiving, processing, storing, and/or transmitting sensitive data, encryption provides an extra layer of corporate security to discourage malicious actors. Encryption turns readable text into a set of numbers or symbols called ciphertext. There are three basic types of encryption:

  • Symmetric – The same key is used to encrypt and decrypt the message.
  • Asymmetric – A public key is used to encrypt the message, and a separate, private key is used to decrypt it.
  • Hashing – An algorithm is used to create a unique hash for each data set to make comparing data sets and recognizing tampering easier.

Encryption allows you to protect information classified as sensitive by providing an extra layer of security. Only those who are supposed to read the message have the tools to do so. You should break down all processes and data flows in the organization and trace the data. Document where the data resides, who has access, where it comes from, and where it flows. Ensure you are using strong encryption at every level and you will be putting an additional safeguard in place that protects the sensitive information of your employees and your clientele.
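To make the hashing item in the list above concrete, the following added example (not part of the original post) hashes each record of a data set and compares a later copy against the stored hashes to recognize tampering. The record layout, identifiers and function names are constructed assumptions.

```python
import hashlib
import hmac
import json


def record_digest(record):
    """SHA-256 over a canonical JSON encoding, so key order does not change the hash."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_manifest(records):
    """Map record id -> digest. Store the manifest apart from the data it describes."""
    return {rec_id: record_digest(rec) for rec_id, rec in records.items()}


def compare(manifest, records):
    """Report records that changed, disappeared or appeared since the manifest was built."""
    current = build_manifest(records)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rec_id, digest in manifest.items():
        if rec_id not in current:
            report["missing"].append(rec_id)
        elif not hmac.compare_digest(digest, current[rec_id]):
            report["modified"].append(rec_id)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


# Constructed sample data, not real customer records.
BASELINE = {
    "c-1001": {"name": "A. Example", "phone": "555-0100", "plan": "basic"},
    "c-1002": {"name": "B. Example", "phone": "555-0101", "plan": "premium"},
    "c-1003": {"name": "C. Example", "phone": "555-0102", "plan": "basic"},
}
MANIFEST = build_manifest(BASELINE)

# Later copy of the same data set: one field edited, one record deleted, one added.
LATER = {
    "c-1001": {"plan": "basic", "phone": "555-0100", "name": "A. Example"},
    "c-1002": {"name": "B. Example", "phone": "555-0199", "plan": "premium"},
    "c-1004": {"name": "D. Example", "phone": "555-0103", "plan": "basic"},
}

if __name__ == "__main__":
    print(compare(MANIFEST, LATER))
```

The comparison only proves something if the manifest is kept where someone who can alter the data cannot also alter the hashes.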

  4. Update System Patches and Software Regularly and Back Up Important Files

Information security is as important to the creators of the programs you use as it is to you. Software and systems providers are constantly working on improvements to their products to improve functionality and increase resistance to cyber-attacks by patching vulnerabilities. When a weakness is discovered, it is corrected, and an updated version of the program is made available to clients. The caveat to this is that these patches are then published for everyone to see. So, if you’re a hacker, you do not have to find a vulnerability in software or systems. You simply look for published patches, what vulnerability they fix, and then find someone using the software and/or system who has yet to install the patch. You can now exploit the vulnerability. Keeping your systems patched and updating your software programs regularly ensures that you are always using the latest and most secure versions. This will greatly reduce the chances of a vulnerability being exploited in your environment by a malicious actor.

You should also perform a regular backup of all the data in your system. Sometimes, when a data breach occurs, information is not just accessed but stolen, locked, and held for ransom (ransomware). You are then usually told to send funds, usually in the form of cryptocurrency, to have your data released/restored. Sometimes even after an organization releases the requisite funds, the malicious actor will ask for more or not return the data at all. It is bad enough to have private information in the wrong hands. You don’t want to lose that information yourself in the process. A weekly backup of all the data in your system, as well as a daily incremental backup, can prevent such a loss from occurring. If your data is held for ransom, blow it out and reinstall from backups.
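With a weekly full backup and daily incrementals, reinstalling after ransomware means choosing the right full backup and the incrementals that follow it, all taken before the compromise. The planner below is an added example, not part of the original post; the catalogue, the verification flag and the function names are constructed, and it assumes each incremental builds on the backup before it.

```python
from datetime import datetime


def sample_catalogue():
    """Constructed catalogue: full backups on Sundays, incrementals on other days."""
    entries = []
    for day in range(3, 16):  # 3 to 15 February 2019
        kind = "full" if day in (3, 10) else "incremental"
        verified = day != 13  # pretend the 13 February job failed its integrity check
        entries.append((f"2019-02-{day:02d}T01:00", kind, verified))
    return entries


def restore_chain(catalogue, compromised_at):
    """Return timestamps to restore, oldest first, using only pre-compromise backups."""
    cutoff = datetime.fromisoformat(compromised_at)
    clean = sorted(
        (datetime.fromisoformat(taken), kind, ok)
        for taken, kind, ok in catalogue
        if datetime.fromisoformat(taken) < cutoff
    )
    # Start from the newest verified full backup taken before the compromise.
    fulls = [i for i, (_, kind, ok) in enumerate(clean) if kind == "full" and ok]
    if not fulls:
        raise ValueError("no verified full backup predates the compromise")
    start = fulls[-1]
    chain = [clean[start]]
    for taken, kind, ok in clean[start + 1:]:
        # Assumption: each incremental builds on the backup before it, so an
        # unverified link (or a later, unverified full) ends the usable chain.
        if kind == "full" or not ok:
            break
        chain.append((taken, kind, ok))
    return [taken.strftime("%Y-%m-%dT%H:%M") for taken, _, _ in chain]


if __name__ == "__main__":
    print(restore_chain(sample_catalogue(), "2019-02-15T09:00"))
```

Pass the earliest known time of compromise rather than the time the ransom demand appeared, since backups taken in between may already contain the malware.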

  5. Create an Atmosphere of Security Awareness in Your Organization

It is not enough for a few staff members to understand the importance of protecting sensitive data. Your corporate security is only as strong as the knowledge of your least informed staff member. Uninformed staff are your weakest link, and make no mistake: they are a prime target for malicious actors. Every employee needs to be aware of your organization’s security policy and his or her role within it. You should ensure every employee understands data classifications and how to handle each.

Cybersecurity training should start during the onboarding process. Because this topic is so important, consider offering a variety of training options. Some employees may learn best in a self-paced, online video session, while others benefit more from face-to-face, interactive training. No matter the method, there are a few skills every employee needs to know before gaining access to sensitive information:

  • Recognizing a phishing attack
  • Not clicking on embedded links and/or files unless expected
  • Employing social media discretion
  • Using multi-factor authentication
  • Reporting suspicious and/or fraudulent activity

Learning how to protect sensitive information is an ongoing process. You should further improve corporate security by offering training sessions throughout the year. A yearly mandatory refresher session not only helps workers retain vital skills but also communicates the value the organization puts on information security. As employees log training hours, they become more confident in their ability to protect the information of everyone who communicates with the call center.

Every call center needs to have multiple levels of data security in place, and every person who handles sensitive information must know how to protect it. By partnering with a leader in the customer engagement industry, you can trust that your clients’ information will be kept safe. Contact us to discuss your specific needs and to discover how Etech can help.