Data security becomes crucial when the contact center goes remote

Contact centers are conducive environments for fraud and data theft due to factors that are unique to them.
15 June 2021

Data security for the remote contact center revolution. (Photo by PAU BARRENA / AFP)

  • So much about customer service changes in an online-only world, and security needs to be part of that change
  • Remotely located endpoints can pose significant security risks, given how the contact center contains a wealth of sensitive information

The new work-from-home contact center environment provides a safer path for business continuity, but it comes with security concerns. Contact agents are more vulnerable to nefarious actions from cybercriminals who hope to use the crisis as a lure for ransomware and phishing scams. And remote work arrangements have operation heads scrambling to secure data and regulate the technology used by agents.

The Covid-19 pandemic has led us to anticipate the future of the contact center and if anything, it’s going to be remote. The remote contact center concept is likely to continue as organizations grow more comfortable with work-from-home environments and realize the benefits of moving to all-remote contact centers, including reduced absenteeism and improved service levels.

In fact, contact centers are no strangers to remote work. According to a study by Nemertes Research, 59% of contact centers around the world let at least some of their staff work from a home office pre-Covid-19. That figure now rose to 74.1% as coronavirus lockdowns forced companies to close offices and transition into virtual contact centers. Once authorities lift these restrictions, 70.7% of businesses are likely to continue allowing agents to work from home in some capacity.

Confronting data threats in remote contact centers

Undeniably, data theft is a real threat to numerous departments within large organizations including finance, product development, and human resources. One study by IBM suggests that the average cost of a data breach is US$3.92 million, and that number is on the rise.

And given how a contact center contains a wealth of sensitive information including customer names, phone numbers, social security numbers, and even card and other payment information that resides on personal computers and corporate servers, data breaches can pose significant security risks to its customers too. 

While the vast majority of call center employees will likely never steal this data, but it only takes one bad apple to trigger an international scandal. To name one of many examples, in 2015, a Citibank call center employee in the Philippines sold the data of 30 clients to a crime syndicate in Australia, allowing the syndicate to acquire fraudulent credit cards and bank loans, and costing Citibank clients over a million dollars.

Unfortunately, the at-home contact agent model comes with such potential security headaches. Remote call center managers can minimize security problems by combining a strong defensive posture, common-sense security policies, and effective supervision. The cost savings and positive morale bonuses gained by hiring remote agents shouldn’t be undone by a costly data breach.

Maintaining the data security of a remote contact center

From a technology perspective, it’s all about locking down endpoints. According to a report by Smart Customer Service, tactics include using a virtual desktop infrastructure (VDI), which allows you to host desktop environments on a centralized server and securely deploy the virtual desktops to employees. If this is not an option, virtual private networks (VPN) can provide data security by encrypting data being sent over a network, making it unreadable.

Employers should also ensure employees store all data in the cloud rather than locally. Best to require employees to use hard-wired connections instead of Wi-Fi, which creates the risk of roamers looking to hijack a connection. Hard-wired internet access also ties employees to their home office space, which ensures they aren’t going to a coffee shop to handle sensitive customer information in a public place and/or working off an unsecured connection.

Another step is by restricting network access to hours of operation only, which mitigates the risk of bad actors accessing networks during off-hours. Finally, the classic two-factor authentication ensures the person logging into a computer or network is the correct user.