The big news in the mainstream press as I was writing this column in December was that celebrities are now eschewing smartphones for flip phones. What you ask? Yes, flip phones, those clamshell devices most people associate with the luddite relative you just saw at Thanksgiving. The reason? They are afraid of their topless photos getting stolen. Of course they could just not take them, but celebrities just don’t seem to be able to help themselves.
This got me thinking. No data center or company is secure anymore either. We know that if hackers really want to get into a company they can. But what we didn’t expect was just how easy it is becoming to prove the point.
It was recently revealed that Iranian hackers have hacked 50 organizations in 16 countries. Cylance said in an extensive report: “Ten of these victims are headquartered in the U.S. and include a major airline, a medical university, an energy company specializing in natural gas production, an automobile manufacturer, a large defense contractor, and a major military installation.”
In addition, a group known as FIN4 is hacking Wall Street financial firms in a bid to gain privileged financial information about non-public upcoming market moving announcements, according to a new report from FireEye. The basic security flaw being exploited here is weaponized documents, which exploit known flaws such as running Microsoft (News - Alert) Visual Basic macros to get ahold of user names and passwords. A suggested way to protect from this is to block VBA macros and FIN4 domains.
Recently Sony had its movies and other important documents stolen. As part of the attack, salary information was taken and, as a result, reporters have decided to turn this information into fuel for, you guessed it, a class, race and gender war.
The hack was bad enough that the FBI warned U.S. businesses via a confidential flash warning regarding software that overwrites a company’s hard drives. A Sony spokeswoman said the company had “restored a number of important services” and was “working closely with law enforcement officials to investigate the matter.”
Of course, all of the above hacks follow in the footsteps of a variety of similar events, many of which involve hackers getting access to retailer data including consumer information, including financial details.
Sadly, there is no flip phone for your data center yet, but be sure you spend enough time, energy and effort ensuring you have done everything you can to keep your corporate assets and secrets – as well as your customers’ personal information – away from prying eyes. Remember, one bad link, clicked upon by accident can wreak havoc if you don’t have the right software and/or procedures in place.
Of course, security breaches don’t necessarily always come from the outside. They can come from your very own employees. That’s why it is important to safeguard delicate information whenever possible from employees as well.
As CUSTOMER’s Executive Editor Paula Bernier (News - Alert) recently reported for TMCnet, companies such as IntraNext Systems offer solutions to help your company do just that. IntraNext Systems recently went public with its iGuard solution, an automated security software that conceals customers’ personal data – like credit card, ID and social security numbers – from contact center agents.
Rather than having contact center agents ask customers for their personal information and then input that sensitive data into their systems – creating the possibility for theft, iGuard allows customers to input their information directly via keystroke or speech. During that part of the call, the agent is blocked from seeing or hearing that information.
Not only can the iGuard solution offer a high level of security – and help contact centers comply with regulations such as the Health Insurance Portability and Accountability Act of 1996 and the Payment Card Industry Data Security Standard – it also can decrease payment handling time by 10 to 15 seconds, says Patrick Brown, president of IntraNext.
IntraNext got interested in this kind of solution a few years ago when its customers were working to meetPCI compliance requirements, says Brown. The company saw an opportunity to use its pause and resume recorder capabilities on this front, he says, as initially customers wanted to pause the recorder when entering payment information. But instead, he explains, IntraNext and its customers decided the best approach was to accept and capture payment information without the agent seeing the payment details as they are entered. The data is kept on the CTI server, which supports Avaya and Cisco (News - Alert) contact center environments, he adds.
Edited by Maurice Nagle