Five (5) Basic Data Security Protocols Every Call Center Should Have

In a study out of the Clark School at the University of Maryland, researchers found that there is a hacker attack approximately every 39 seconds. A cyber-attack on a private user can be devastating enough, but in a call center that handles sensitive customer information daily, a data breach can be disastrous. Corporate security should be a top priority in every call center. Here are five ways to protect your customers, your employees, and your company.

Install Strong Perimeter Security and Protective Software

Call center data security hinges on how well your systems are configured and on your network’s protection capabilities. You must be able to control what information can get in and out of your infrastructure. You should also have measures in place to thwart malicious attempts to infiltrate your systems and steal or corrupt sensitive data. To accomplish this, you need both a firewall system and anti-virus/anti-malware software.

This first protocol works at multiple points: defending the perimeter and defending inside the perimeter. When we discuss perimeter control for the organization, we are discussing the outer layer of the network infrastructure. Think of it this way: you have a secure building with one entrance. That entrance has a security guard who controls who enters and who leaves, as well as what each person can bring into the building and what they are allowed to leave with. The building represents your network, and everything inside is what resides within your network (files, users, computers, etc.). The security guard at the single entrance represents your firewall, and how well he or she performs the task represents how well your network is guarded.

A firewall is a virtual boundary between your network and the outside world. It is your network’s gatekeeper, so to speak. It uses a defined set of rules to determine what information is allowed into the network and what information can leave the network.
It can also be utilized to control external access for employees through the use of a configured whitelist. It is important to have a firewall to protect the security of the organization, but it may also be helpful to have additional protection for the call center itself, preventing private customer information from leaking even to other parts of the organization where it isn’t needed.

No matter how strong your firewall is, there are still ways that a malicious actor can gain access to your systems. Someone introducing a malicious file to your file system (knowingly or unknowingly) is always a consideration. So are phishing attempts against employee email, where someone clicks on an attachment or link and malware is downloaded to your internal systems through their workstation. These scenarios still make it possible for a hacker to gain access to your infrastructure. Malware can infect your network, causing it to malfunction, leak private data, open back doors for malicious actors, etc. Every system (workstations, servers, mobile devices, etc.) accessing your network should have anti-virus software installed to protect against malware that gets past the firewall. Multi-layered security increases the protection of your network and the sensitive data it contains.

Ensure Employees Use Complex Passwords and Understand How to Keep Them Safe

A strong password is one of the easiest ways to safeguard corporate security. I have seen so many people use easy passwords that can be easily cracked, and yet passwords are the core protection component of our identity security. An excellent password is devoid of information that is easy to obtain, such as your birthday, pet names, etc., and it should not include common words or digits that are together on the keyboard. Passwords can be easy for you to remember but should contain a combination of upper and lowercase letters, numbers, and special characters.
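One way to turn the composition rules above into an automated check at password-set time, added here as an illustration and not taken from the original article. The word list, keyboard rows, four-key run threshold and function names are assumptions made for the example; it also flags adjacent letter keys, which goes slightly beyond the adjacent digits the text mentions.

```python
import re

# Constructed sample data: a real deployment would load a large dictionary or
# breached-password list instead of this short set (assumption for the example).
COMMON_WORDS = {"password", "welcome", "letmein", "summer", "admin", "callcenter"}
# Keyboard rows used to spot characters that sit together on the keyboard.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
RUN_LENGTH = 4  # assumed threshold: 4 or more adjacent keys count as a run


def keyboard_runs(password, run_length=RUN_LENGTH):
    """Return keyboard-adjacent runs (forward or reversed) found in the password."""
    lowered = password.lower()
    found = set()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_length + 1):
                chunk = seq[i:i + run_length]
                if chunk in lowered:
                    found.add(chunk)
    return sorted(found)


def check_password(password, personal_info=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append(f"contains common word '{word}'")
    for item in personal_info:
        # Skip very short tokens so accidental two-character matches are ignored.
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal detail '{item}'")
    for run in keyboard_runs(password):
        problems.append(f"contains keyboard run '{run}'")
    return problems
```

The `personal_info` argument would be filled from the employee's HR record (name, birth year, and so on), so the check never needs to store the rejected password itself.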
By using a combination of these, it becomes increasingly difficult for the password to be cracked.

A single set of credentials should not be used by multiple individuals to access an account and system. Employee credentials should be traceable back only to them, and their respective passwords should only be known to them. Having a unique password for each system limits access in the event of a breach. This practice can protect the main network if only one account is compromised. You can set up rules to ensure that employees choose passwords that are complex and difficult to crack. Several free password managers, such as https://www.LastPass.com/ and https://www.Dashlane.com/, are available for establishing and remembering complex passwords. Rotating passwords at a minimum of every ninety (90) days will greatly reduce the likelihood of your credentials being cracked and can also prevent repeated access to the same account.

Encrypt Sensitive Information at Rest and in Transit

Unless you have been living under a rock, you have heard the quote “There are two types of companies, those that have been hacked, and those that don’t yet know they’ve been hacked.” If this is true, what happens once an organization is infiltrated? We must look at the primary purpose of someone maliciously gaining access: to access and exfiltrate protected information. What if we look at it from this point of view? Even if they access the information, they can’t do anything with it. They have gone through all that effort to gain access to something they can’t even use!

If your call center is receiving, processing, storing, and/or transmitting sensitive data, encryption provides an extra layer of corporate security to discourage malicious actors. Encryption turns readable text into a set of numbers or symbols called ciphertext. There are three basic types of encryption:

Symmetric – The same key is used to encrypt and decrypt the message.
Asymmetric – A public key is used to encrypt the message, and a separate, private key is used to decrypt it.
Hashing – An algorithm is used to create a unique hash for each data set to make comparing data sets and recognizing tampering easier.

Encryption allows you to protect information classified as sensitive by providing an extra layer of security. Only those who