Counting the costs of a contact centre data breach (and how to minimise your risks) - Cognia - ContactCenterWorld.com Blog
By taking a proactive approach you can eliminate over 70% (Ponemon Institute) of the potential causes of a data breach in your contact centre
British Airways’ air-miles accounts, the coding site GitHub and the work chat service Slack have all been hit in the latest wave of cyber-attacks.
Complaints about points being stolen from BA’s Executive Club scheme date back at least a fortnight. One user reported a false booking for a hotel room in Spain, while others reported that a list of fraudulent transactions had wiped out their entire credit.
This kind of high-profile data breach regularly makes the news and usually involves cyber criminals stealing hundreds of thousands of passwords, customer account details or credit card data.
While it is probably never going to be possible to 100% safeguard your company from attacks, the good news is that you can take simple and cost-effective steps to prevent them and shore up your defences.
What could a data breach cost your company?
According to a recently published IBM/Ponemon report, the average cost of a data breach rose 15% in the last year to nearly £2.5 million. The average cost of each lost or stolen record increased by more than 9% to £98.
Costs are split into two groups: direct and indirect. Direct costs are those involved with managing the breach, investigating its cause and taking corrective action, as well as legal costs and regulatory fines. These only account for about one-third of the total costs.
Indirect costs are harder to quantify and their effects are longer lasting and far reaching. They include increased customer turnover, increased customer acquisition costs as well as loss of reputation and goodwill.
What are the causes of data breaches?
Various sources give different figures, but all agree that there are several major categories. The 2013 Ponemon Institute report “The Post Breach Boom” gives the following figures (note that each respondent to the survey was able to choose more than one response):
What becomes clear from these figures, and is corroborated by other research, is that the majority of data breaches result from factors that are under a company’s control: its employees, contractors, service providers, processes and systems.
What about the contact centre?
All possible causes of data breach are in play in the contact centre. Now that most contact centres are multi-channel hubs interfacing both with the web and numerous business unit data silos, malicious criminal attack by outside hackers will always be a concern.
But given the nature of contact centre operations – people using systems to process transactions – the biggest threats are all internal. To be more specific, data breaches in the contact centre will nearly always be traced back to some failure in key systems or processes that allow sensitive customer or company data to be exposed to unauthorised staff or third parties.
With so much at stake in terms of your brand’s reputation and goodwill, it is arguable that information security is now one of the most important factors in any customer experience strategy.
What steps should be taken?
Measures will differ and have a different emphasis depending on which payment acceptance channels are dominant. QSA assessment is a key way to validate compliance with the PCI DSS, but this still needs to fall within an overall information security framework that the whole organisation supports.
For example, if taking phone payments is a key channel for your contact centre, arguably removing your systems and people from PCI DSS compliance scope is the best way forward and the most cost-effective in the long term. All IT systems and networks accessible by contact centre agents, back-office staff, supervisors, QA staff, IT staff and third parties are vulnerable, so remove them from the risk path.
Other approaches, such as setting up ‘clean room’ environments or choosing not to take voice card payments at all, offer additional ways to reduce the risk of a data breach, but considerations of practicality, cost and customer experience all need to figure in establishing a strategy that is right for your business.
By taking a proactive approach you can eliminate over 70% (Ponemon Institute) of the potential causes of a data breach in your contact centre. Given the direct and indirect costs of such breaches are so high, allocating budget now to prevent them could save you a fortune in the future.
First published in CallCentre.co.uk
Publish Date: April 10, 2015 5:00 AM