customer

CustomerZone360 NEWS

CustomerZone360 Home

As Data Explodes in Cloud Contact Centers, the Security Spotlight Shifts to Internal Threats and Privileged Access Management

By Juhi Fadia September 28, 2020

Contact Centers are one of the riskiest areas for enterprises, especially those which have a large customer base and are in highly regulated industries.

Like any division of an organization, they are susceptible to Advanced Persistent Threats (APT), malware, ransomware, and more.

When it comes to insider threat risk, there are few areas more vulnerable to insider threat attacks.

Why?

  1. Contact Center employees have access to sensitive customer information.
  2. Contact Center employees are often the lowest paid in the company (or in the outsourced Contact Center representing the company) and may be more susceptible to outsiders offering them money in exchange for access or information.
  3. Contact Center turnover rates are among the highest across industries, with new employees coming in over and over to replace former employees.

With the rapid shift of physical contact centers to the cloud, in large part accelerated by the global pandemic, organizations are finding it harder to control access (as compared to doing so in a physical facility with an "IT" perimeter, which only allows people in the location to be able to access databases and applications).

We're seeing a growing trend towards security software that works in the cloud to protect sensitive data and to help prevent insider threats – whether they are intentional or accidental.

We caught up with Orhan Yildirim, CTO, Ironsphere, a Privileged Access Management company that allows organizations to lock down access, to automatically change passwords, to record and address risky situations in real-time, and does so in a cloud-ready way.

"Contact Center employees have direct access to sensitive customer information, with low-level employees handling hundreds of customers' credit card information, passwords, bank info, health care information, or even social security numbers every day," Yildirim said. "This level of direct access comes with an inherent spike in risk, especially when the situation is magnified as the cloud is being used to support at-home workers in large numbers. We're finding that many Cloud Contact Center operations teams are not aware that there are relatively easy, immediate fixes available with PAM software when it is architected for the cloud from the ground up."

Employees who are struggling financially are much more likely to be tempted by offers from outside agents, which creates a highly risky context. "Especially with recent economic pressures due to the pandemic, there are now large numbers of insiders who are more likely to need money, and we've already seen examples of this over the last few months," Orhan Yildirim remarked. "There is no need to wait for months to set up the solution – a solution which is affordable and can scale up quickly after initial implementation."

Most insider data theft takes place when an employee is leaving the company, according to some analysts. With the average US contact center turnover rate at around 33% per year and 55% in India, this is an important threat to focus on. "These rates mean that organizations are constantly exposing themselves to departing employees taking and sharing sensitive customer data when they leave," Yildirim stated. "A high turnover rate means a greater number of employees are passing through each year, which means more data being exposed to more people. The threats are real."

So, should every employee be treated like a potential criminal?

"Tight restrictions will hinder productivity, frustrate employees, and upset customers," Orhan Yildirim noted. "In fact, customers appreciate personalized service – so they can get their questions answered quickly, with contextual information, even if it means agreeing to have that information presented to whichever agent responds. Instead of a 'command and control' culture, our clients appreciate a different approach, which is gaining true visibility into employee activity. With this information, that we can collect and manage in real-time, including using automation to predict issues or present an alert to a manager in real-time, operators can target the real risks within the company while still delivering friendly customer experience."

Orhan Yildirim explained that most contact center employees should be accessing the same types of applications and information within existing databases. If an employee starts deviating from that normal behavior, by using software to track all activities, while also using that software to constantly validate access and automatically change password, security teams are ready to leap into action.

"Achieving compliance with regulations, for example, HIPAA, PCI, SOX and more, has always been complex, but is becoming even more challenging when regulations tighten after each breach," Yildirim said. "Regulations are moving faster and growing more complicated; as they do, the audit process remains antiquated and slow. Another great benefit of using a PAM solution is simplifying audits for the company and auditors, and even the regulatory agencies, with more visibility and cleaner reporting."

Orhan Yildirim summarized by saying that while the risks are growing, and legacy approaches are as complicated as the problem, "There are new ways to solve this: software solutions that run in real-time, that are easy to bolt onto cloud applications, and can adapt to changing regulations and new operating models."


Juhi Fadia is an engineer, analyst, researcher and writer covering advanced and emerging technologies.

Edited by Maurice Nagle

Correspondent

SHARE THIS ARTICLE
Related Articles

NICE inContact Meets Contact Center Agility and Intelligence Needs Head On with Latest Release

By: Erik Linask    10/16/2020

NICE inContact leverages AI and machine learning to deliver new actionable intelligence for better customer engagement.

Read More

Will 2021 Be the Year of Ying and Yang in Contact Centers as AI and Automation Take Hold?

By: Juhi Fadia    10/16/2020

The availability of massive amounts of data is changing how contact centers define and implement their customer experience and engagement strategies u…

Read More

How Different Businesses Are Affected By The Pandemic

By: Special Guest    10/14/2020

As soon as the World Health Organization (WHO) declared that the coronavirus outbreak was a pandemic, it became clear that businesses will be affected…

Read More

How Technology can Dramatically Improve Customer Services in the Banking Industry

By: Special Guest    10/9/2020

Customer experience is a key to success and competitive differentiator not only for banking but across all industries. In this digital era of life, op…

Read More

When Things Get Tough, the Tough Get Going: Contact Center Transformation in an Age of Disruption

By: Juhi Fadia    10/8/2020

Nearly every large enterprise and government agency has a dramatic story about shifting their contact center workforce to a work-from-home (WFH) model…

Read More