sb-nz logo
Story image

Securing work-from-anywhere contact centres

20 Aug 2020

Article by NICE president of Asia Pacific Darren Rushworth.

Like many other sectors, contact centres are embracing a future of work in which employees can work from anywhere. 

But now that employees are geographically dispersed and not operating under the umbrella of an on-premise, secured system, the question of how to secure the contact centre has become a key consideration.

Using a cloud-based infrastructure makes systems and processes available to all staff members as they work from anywhere, but it can also create a security risk if not adequately protected.

While the priority for businesses coping with COVID-19 restrictions was to keep the business operational, now the priority must be to ensure those measures aren’t compromising the organisation’s security. Flexibility will remain essential as employees continue to work from anywhere.

Cybersecurity risks continue to increase for every business regardless of industry. Call centre organisations are attractive targets because they tend to collect payment card data, personal details, and other sensitive information that can be monetised easily.

As such, contact centres must be vigilant as they pivot to the future of work.

Here are the risks which should be addressed within a contact centre setting.

Data security

Work-from-anywhere agents use a combination of chat, email, and phone, with call notes recorded in the system. Contact centres must adopt best practices to protect this information:

  • Only store customer data when necessary
  • Encrypt data during transmission
  • Use identity management to ensure only appropriate users can access data
  • Use a session border controller to authenticate phone calls over a VoIP network
  • Leverage virtual private networks (VPNs) for extra security
  • Implement intrusion detection systems to trigger alerts when unauthorised access is attempted
  • Offer a secure FTP option for data transfers.

Control and compliance

Organisations must comply with various regulations, including Australia and New Zealand’s respective Privacy Acts, and Europe’s General Data Protection Regulation (GDPR). 

Maintaining control and compliance requires:

  • Role-based security models that let customers control what security rights they grant to users
  • Strong password policies and multifactor authentication
  • Regular security assessments to identify and address vulnerabilities or gaps
  • Clear policies and procedures around updates, maintenance and access
  • Relevant security measures such as antivirus, intrusion detection, and identity and access management.

Application security

Work-from-anywhere agents rely on cloud-based applications, so it’s essential to secure these by:

  • Using a thin client or browser-based application at the agent workstation
  • Using SSL encryption to secure all communications
  • Limiting access to applications and their administration according to role
  • Creating and enforcing policies around how data is managed and stored
  • Choosing a flexible platform that allows customisation to fit security needs.

Working with a cloud-based contact centre software provider will likely mean that organisations are more secure than they would be if they continued to rely on their on-premise environment. 

However, it’s essential to double-check the provider’s offering to ensure this is the case. Securing services in a cloud-based environment requires a layered approach and providers should be able to describe how they handle security for each layer.

Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Metallic adds data management and GDPR compliance
Now GDPR compliant, additions to the portfolio include eDiscovery features and support for Microsoft Hyper-V and Azure Blob and File storage.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
Proofpoint and CyberArk extend partnership to further safeguard high-risk users
“Our CyberArk partnership extension provides security teams with increased detection and enhanced adaptive controls to help prevent today’s most severe threats."More
Story image
ConnectWise launches bug bounty program to bolster cybersecurity strategy
“Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community's expertise and participation in helping us keep our products secure."More
Story image
Security training and tech: Empowering staff in a hybrid work environment
As employees travel back and forth between home and the workplace, are they walking through the door with cyber threats sitting on their devices?More