COVID-19: Call center agents at home?
Feb 19 2021

Call center security: best practices

A remote work environment challenges call centers all over the world to deliver the expected security standards. Despite the growing popularity of digital services, more and more phone calls are being made today, especially for business-customer interactions. This new normal implies an additional focus on data protection. Any breaches or security incidents can not only harm a call center’s reputation and frustrate clients but attract serious regulatory fines as well.

By 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations, up from 10% in 2020, according to Gartner, Inc. Some of the widely known regulatory standards include GDPR (General Data Protection Regulation), applied to Europe, and CCPA (California Consumer Privacy Act), approved in 2019 for companies with operations or customers in California. To stay compliant with national and regional regulations and continue to deliver excellent customer service, call centers have to make a bigger emphasis on security.

Security essentials for external threats

Even though ensuring the protection of dispersed workspaces falls outside the scope of call center software, managers need to make sure that their internal security policies are clearly defined, and that every employee adheres to them. 98% of all cyberattacks directly target individuals—which, in this case, means your call center agents—typically through phishing attacks and other kinds of social engineering. Holding training sessions on common cyberattack techniques is a good way to keep your staff on guard against these threats. To further protect login credentials and access details, you should make sure that your security protocols include the basics, like timely software updates and antivirus protection.

Vulnerable data protection for internal threats

Call center agents have access to the most prized and vulnerable part of the organization—client data. The vast majority of call center employees will never steal this data, but it only takes one bad apple to trigger an international scandal. To name one of many examples, in 2015, a Citibank call center employee in the Philippines sold the data of 30 clients to a crime syndicate in Australia, allowing the syndicate to acquire fraudulent credit cards and bank loans, and costing Citibank clients over a million dollars.

The built-in security features offered by modern call center software ensure that your business will never wind up in a similar situation. One of these features is called phone number masking—a simple yet highly effective way to protect clients’ personal data, which works by hiding private contact details from agents. And the numbers themselves are far from the only thing that can be kept from agents’ view. With modern call center technology, administrative managers can make sure that historical reports or call detail records are accessible only by chosen groups or individuals, who—if something goes wrong—can later be held accountable.

When it comes to access to the overall call center system, basic software usually offers three to four fixed administrative roles with pre-set access settings. Sophisticated solutions, by contrast,  offer unlimited custom role creation, which allows you to adapt standard access levels to suit the needs of your call center.

Features like data access reports and security log streaming may seem excessive for some call centers, but should certainly be considered essential for comprehensive protection plans. Keeping track of all actions—by agents, supervisors, or anyone else—and exporting logs to your external security system play a key role in monitoring and investigating any unusual behavior.

Secure communications and data protection during the call itself

Less sophisticated—but just as crucial to the safety of your call center—are the standard features which protect the calls themselves. The conversations between your agents and clients are also ripe targets for fraud or other forms of unauthorized access. From the moment a caller reaches the IVR or an agent, and throughout the entire length of the call, their sensitive personal and financial information is at risk. Strong security protocols attend to both the media—the content of the calls—and the signaling, i.e., the method by which the calls are transmitted.

Call centers in the financial or banking sectors are especially vulnerable to fraud as the data they work with is a high-value target. To comply with legal requirements and protect data from getting into the wrong hands, agents may exclude some part of the conversation from being stored in the call center. This process is called selective recording, and it is an essential part of  PCI DSS compliance for any call centers that handle payments.

With the right software, all your security concerns will be taken care of. Voiso’s comprehensive approach involves customizable role-based administration, number masking, selective call recording, encrypted communications, security log streaming, and sensitive data access reports.

Reach out to one of our experts today to find out how we can help you maintain your customers’ trust.