To deliver seamless experiences in today’s connected world, brands must store and organise a huge amount of customer data. If leveraged correctly, this data can ensure that customer enquiries are met by service agents who are highly informed. These agents should have a wealth of pertinent information at their fingertips, with no need to ask tedious questions or stick to rigid scripts, ensuring the brand’s service is as timely and relevant as possible.

Beyond providing improved knowledge levels to service agents, data also unlocks the potential of personalised experiences, which have become established as key differentiators between brands. From e-commerce sites to supermarkets, we now see leading organisations collecting unprecedented volumes of data about their customers’ behavioural patterns, and tailoring proactive communications accordingly. As we move towards increasingly virtualised environments, such as the Metaverse, the quantity and granularity of data collected will increase exponentially, powering bespoke experiences at a population-wide scale. Although some of the data points required for personalisation in the virtla world will be anonymised, organisations’ contact centres will play a crucial role in protecting the most sensitive customer data – private, customer-identifiable information. Building and preserving consumer trust is, and will remain, essential for organisations wishing to provide personalised interactions.

Before brands get too far ahead of themselves, however, they must do all they can to ensure customer data is secure; no matter what type of data it is. The global average cost of a data breach is approximately £3.8 million, but more importantly, breaches can shatter consumer trust and deter even your most loyal customers from doing business with you. With customers increasingly demanding data-powered personalisation, how can businesses provide this while continuing to protect sensitive information?

As the dust settles on last month's Data Privacy Day it is a good time to reflect on cybersecurity in your contact centre, and how best to keep customers’ data safe. Contact centres handle a significant amount of sensitive customer information, so robust security measures are essential to protect this data from unauthorized access and breaches.

These measures should include:

1. Keeping Remote Staff Safe

Throughout the pandemic, more and more contact centre agents took advantage of work-from-home policies, which helped drive down agent attrition, improve mental well-being, and aid work-life balance. However, the rise of the hybrid remote contact centre workforce also created additional cybersecurity threats. Employees working from home are more at risk of cybersecurity breaches due to insecure home environments, poorer physical security, and outdated security software. Staff living with family or in shared housing are further at risk, especially if their work-from-home setup allows other members of their household to see important data on the screen.

Although hybrid working was accelerated by the pandemic, it has gone on to become a permanent fixture for many businesses, including those employing contact centre agents. To meet the operational and security challenges posed, all providers should implement action controls such as multi-factor authentication and role-based access, ensuring that only authorized staff can access portals linking to private customer information, such as current location or payment history. These methods add another level of security to help prevent data leaks and cyber-attacks. Agents working from home should also connect to the organisation via a business-grade virtual private network (VPN) to help protect against the risks of unsecured home or public Wi-Fi, by providing an encrypted link between the office and the remote work location.

2. The Real Cost of Credit Card Payments

Unsecured card details can easily be copied and used within a matter of minutes, leaving customers who give their card details over the phone at a high risk of fraudulent transactions. Every business that processes credit card information should be Payment Card Industry Data Security Standard (PCI-DSS) accredited, conforming to a set of security standards that safeguard payment transactions against fraud and theft. The most secure type of payment for a contact centre is one that can take payments using any channel of communication, whether over the phone or online, without card details being seen or heard by staff. The most common method of phone-payment security moves customers into a secure environment to enter their sensitive information. In this case, the agent can only hear monotone beeps and see asterisks as digits are keyed in, so payment details are kept secure. Similarly, the call recording contains only the monotone beeps, and hence a card number cannot be recreated by reverse-engineering the tones.

Contact centres can also use fully automated IVR systems, which allow customers to pay without speaking to a human agent. Automated methods ensure that sensitive card information is passed from the merchant to the bank, without being seen or heard by an agent, drastically reducing the risk of a data breach or fraud and guaranteeing compliance. Whilst the PCI-DSS standard doesn’t in itself guarantee protection against malicious attacks, PCI-compliant contact centres that process debit, credit, and pre-paid card information can regularly stay up to date with current PCI-DSS advice to ensure maximum safety of customer payments.

3. Prevent, Protect, and Respond

Over 80% of security breaches involve some kind of human error, so employee training is imperative. In October, the UK Information Commissioner’s Office said that "failing to provide training for staff" could lead to huge fines, as complacency was the "biggest cyber risk businesses face". Regular training and policy assessments work to keep businesses safe from data breaches, malware, and ‘phishing’ email attempts.

Contact centres can protect themselves from data breaches by ensuring that their training and processes are up to scratch. Regularly performing vulnerability assessments and penetration tests can help to identify potential security vulnerabilities, such as unpatched software, weak passwords, and inadequate cybersecurity features. Once identified, any problems should be resolved immediately. Staff should be kept up to date on any changes to policy, and can be sent fake phishing emails to test the quality and effectiveness of their training and thinking. It is essential for any business handling customer data to stay up to date on the latest security threats and implement measures to protect against them.

Finally, it's important to have incident response plans in place to quickly and effectively respond to any security breach. This includes fielding a designated incident response team, regular training for employees on how to respond to security incidents, and having clear communication protocols in place to ensure a rapid and coordinated response. If the worst were to happen, swift responses can help to minimise data loss and strengthen customer trust.

Protecting Your Customers to Protect Yourself

Contact centres play a critical role in customer service, but they also handle a significant amount of sensitive data. As a result, it's essential to implement robust security measures that protect this data from unauthorized access and breaches.

#contactcenterworld, @cgchirp