Cookie Preference Centre

Your Privacy
Strictly Necessary Cookies
Performance Cookies
Functional Cookies
Targeting Cookies

Your Privacy

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences, your device or used to make the site work as you expect it to. The information does not usually identify you directly, but it can give you a more personalized web experience. You can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, you should know that blocking some types of cookies may impact your experience on the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site may not work then.

Cookies used

Performance Cookies

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.

Cookies used

Google Analytics

Functional Cookies

These cookies allow the provision of enhance functionality and personalization, such as videos and live chats. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these functionalities may not function properly.

Cookies used




Targeting Cookies

These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. They work by uniquely identifying your browser and device. If you do not allow these cookies, you will not experience our targeted advertising across different websites.

Cookies used


This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties


Here are some suggested Connections for you! - Log in to start networking.

Article : Remote Working for Contact Centres - How to Make Sure Security Isn't Compromised

#contactcenterworld, @eckoh

Why contact centres need to retrace their steps urgently

With customer service at stake, contact centres had little time for attention to detail when rushing into remote working. Gaps in processes and policies are being exposed, whether organisations actually realise this or not.

A recent survey has found that 71% of UK contact centres were not fully ready for remote working during the COVID-19 lockdown.[2] Two thirds had to invest in additional hardware, such as laptops, media servers, networking devices and other hardware. Then there were licenses and a bundle of other issues to think about.

But that's not all. In the stampede, it's been easy to overlook major security implications.

This guide will help you retrace your steps and fix critical vulnerabilities. It's time to get out of crisis mode — and into the safe zone.

....NOTE - content continues below this message


We invite you and your colleagues to join us LIVE as we take the highest rated industry conference back on the road in 2022 - join us and the elite in the industry at the 17th annual NEXT GENERATION Contact Center & Customer Engagement Best Practices Conferences!



Contact centres: Remote working means your attack surface has widened

Normally, IT security strategy focuses on narrowing the ways your organisation could be exposed to attack. There's a tight perimeter around your IT — and it's where you ramp up protection.

But now, your 'attack surface' has widened massively. There's the potential for criminals to steal sensitive data by targeting your remote staff.

Criminals now have more targets and potentially more opportunities, simply because the home environment may not be as secure as the contact centre premises.


So how do we start to remedy the risks?

It's essential to focus on the people, processes and technology involved, so we can mitigate dangers.

Let's take a look at each of these...

Your people: How to avoid having any 'soft targets'

Your employees' security awareness and vigilance is critical to your protection and compliance — and should now play a greater role in company culture.

Four top areas where you need to focus

  1. Devices used by your employees

With remote working, the issue of which devices your staff will use comes right to the top of the agenda. However, this poses a multitude of questions that need answering.

Use of personal devices brings a lack of visibility of the operating systems used, the software that is installed, the level of patching that is done and the threat of installed malicious software.

  1. How staff connect to you

A further concern is how your end-users are connecting to your systems and crossing account data from unsecured locations. You need to know:

Are they are connecting from public networks?

Are they using home or shared networks?

What other devices are connected to these source networks?

  1. Email phishing attacks

You’ll already have heard of these and may have identified increases in phishing attacks — some specific to COVID-19.

Phishing emails can be highly effective because they’re targeted and aim to take advantage of a current crisis. They play on human emotions in a pernicious way and instil a sense of urgency. They also demand action so that end users click on a link or open an attachment.

  1. Non-approved cloud services

Are staff using personalised or non-approved cloud services to store company data? Perhaps they’re doing this in the spirit of productivity, but does it expose you to PCI DSS, GDPR or other compliance risks? You need to know:

Which non-approved communication channels are being used by your agents?

Is integrity and confidentiality being compromised?

Have any of the solutions being used been shown up to have fatal weaknesses?

How to mobilise your employees as part of your security response

Communicate with them frequently around cyber security, awareness and risks — and make this part of your ongoing strategy. Make sure staff are aware of the security challenges of home-working, such as the increased likelihood of data leakage and the threats posed by phishing attacks.

Encourage reporting so people tell you about suspicious emails. Many employees may receive the same email — and so someone's early warning could help IT teams to detect and defend against these attacks.

Create a safe environment to report suspected breaches. Recognise that — while we all aim to avoid clicking on a link — lapses will happen and phishing attacks are becoming more sophisticated and convincing. So, ensure people feel safe to report suspected breaches in a blame-free way. That's because clicking on a link and not reporting it could be the worst outcome of all.


Your processes: Where to set your priorities

With remote working, many standard IT procedures need an urgent recalibration.

Asset management

As we shift to more remote working, employees may have been permitted to take assets home and out of the work environment. It’s vital to understand that assets often include data, such as customer information or intellectual property, that you need to protect. Asset management will give you control of your equipment, which has a monetary and security value. Having procedures in place should ensure assets are tracked and returned when needed.


Reinforcing your acceptable use policy

Your use policy should have clear rules about what's allowed when employees use company equipment. State that company equipment should be used only for work purposes (even when in the home environment). Make your users aware of what cloud providers and services they can use — as this will mitigate some risks of data and leakage into those cloud providers you don't know about.

If you don't issue company equipment, encourage your employees to follow good cyber hygiene and safe working practices with their own devices. Advise them to patch regularly and make them aware of the emerging threats that may impact their security.


Remote access procedures

You need multi-factor authentication — it's a 'must'. Also, end users who are connecting on personal devices must provide you with information about their operating systems and whether they have antivirus software. This will give you some level of visibility of connected devices as well as potentially enabling you to prohibit the connection of out-of-date or unsupported devices.


Starter and leaver procedures

An economic downturn will result in some organisations reducing staffing levels. So, validating the ‘leaver’ process becomes crucial to security. You must ensure that departing users don’t have any residual access rights (across your own systems as well as any cloud solutions or other services they have been using). At the same time, refresh your procedures for new starters and movers, so they're up to date with the new security realities of remote working.


Business continuity testing

This is important in challenging times. By working smartly and being open to change when any shortcomings are highlighted, you can help keep security central to the decision-making process. This will enable you to adapt rapidly in a secure and compliant way.


Your technology: Maintaining PCI DSS compliance in a different world

In so many cases, IT leaders have done a phenomenal job, leading their organisations through a storm by provisioning tech and services to maintain essential business services.

Perhaps you've had to re-shape the way your company works to incorporate on-premise and remote operations — and it's saved the day in many ways? Maybe this has underlined the importance of a flexible IT strategy and the need for innovation?

If so, then an obvious move for organisations to consider is the de-scoping of their contact centres (and remote workers) from PCI DSS by teaming with a third-party partner for payments processing. This can significantly reduce the compliance challenges from everyday security threats and major challenges that arise unexpectedly.

The security rationale and business case for keeping sensitive information out of your entire (office and remote) environment through de-scoping has never been stronger.

Aside from this, here are seven actions for organisations to strengthen compliance:

Reach out to your technology vendor, highlighting your changing needs.

Do due diligence when evaluating any IT solutions to make sure that you receive an attestation of compliance — for example, if it’s a PCI DSS compliant solution.

Review the responsibility matrix to make sure that it is going to meet your needs.

Adopt a multifactor authentication approach because there’s a lot of technologies out there that might seamlessly integrate into a wide variety of both VPN endpoints and end user devices.

Consider email filtering. It offers good protection against phishing attacks

Flag external source emails. This can help users to identify malicious emails that pretend to be from colleagues. It can help them understand the risks and identify future suspicious emails and content.

Scan connected devices to identify malicious traffic that’s originating from some of your connected entities. Carrying out log reviews that will help you discover if any suspicious behaviour is occurring such as numerous failed login attempts or attempts to access unauthorised areas.

Using security to give your organisation the edge

A crisis poses challenges but it also provides the opportunity to re-shape and then re-examine your employee policies, business processes and technologies. It’s important that we recognise any shortcomings — so security is kept front-of-mind and becomes embedded in an organisation’s culture. It will make any plans you have more robust and fit for purpose in the future.

#contactcenterworld, @eckoh

About Eckoh:
Company LogoEckoh is a global provider of Secure Payment and Customer Engagement solutions via our Eckoh Experience Portal. We’ve an international client base and offices in the UK and US. We're providers in transforming contact centre operations by delivering customer experiences across every channel, boosting agent productivity, reducing operations costs and maximising payment security. We’ve over 20 years’ experience in contact centre technology solutions. Eckoh has been a PCI DSS Level One Service Provider since 2010.
  Company Blog   Company RSS Feed   Company Facebook   Company Twitter   Company YouTube   Company LinkedIn   Company Profile Page

Today's Tip of the Day - Suggestion Box

Read today's tip or listen to it on podcast.

Published: Wednesday, July 22, 2020

Printer Friendly Version Printer friendly version

2022 Buyers Guide Surveys

Nuxiba Technologies

Provide an unparalleled, engaging user experience for the creation of dynamic voice broadcasting campaigns. Its block-based interface enables you to develop easy to complex call flows aligned with given strategic business targets by simple drag and drop operations.

Mass Automated Telephone Surveys are based on a key-pad answering system that enables you to poll large audiences with your own custom questions. They are great for:

- Building Customer Loyalty
- Lead Generation
- Enhancement of Current Service Portfolios

Manage the platform with great ease and assess your results. Schedule your demo or request a quote today!

About us - in 60 seconds!

Submit Event

Upcoming Events

The 17th Annual Best Practices and Conferences are here! Meeting Point for the World's Best Contact Center & CX Companies! Read More...
Showing 1 - 1 of 5 items

Newsletter Registration

Please check to agree to be placed on the eNewsletter mailing list.

Latest Americas Newsletter
both ids empty
session userid =
session UserTempID =
session adminlevel =
session blnTempHelpChatShow =
session cookie set = True
session page-view-total = 1
session page-view-total = 1
applicaiton blnAwardsClosed =
session blnCompletedAwardInterestPopup =
session blnCheckNewsletterInterestPopup =
session blnCompletedNewsletterInterestPopup =