Why contact centres need to retrace their steps urgently
With customer service at stake, contact centres had little time for attention to detail when rushing into remote working. Gaps in processes and policies are being exposed, whether organisations actually realise this or not.
A recent survey has found that 71% of UK contact centres were not fully ready for remote working during the COVID-19 lockdown. Two thirds had to invest in additional hardware, such as laptops, media servers, networking devices and other hardware. Then there were licenses and a bundle of other issues to think about.
But that's not all. In the stampede, it's been easy to overlook major security implications.
This guide will help you retrace your steps and fix critical vulnerabilities. It's time to get out of crisis mode — and into the safe zone.
Contact centres: Remote working means your attack surface has widened
Normally, IT security strategy focuses on narrowing the ways your organisation could be exposed to attack. There's a tight perimeter around your IT — and it's where you ramp up protection.
But now, your 'attack surface' has widened massively. There's the potential for criminals to steal sensitive data by targeting your remote staff.
Criminals now have more targets and potentially more opportunities, simply because the home environment may not be as secure as the contact centre premises.
So how do we start to remedy the risks?
It's essential to focus on the people, processes and technology involved, so we can mitigate dangers.
Let's take a look at each of these...
Your people: How to avoid having any 'soft targets'
Your employees' security awareness and vigilance is critical to your protection and compliance — and should now play a greater role in company culture.
Four top areas where you need to focus
With remote working, the issue of which devices your staff will use comes right to the top of the agenda. However, this poses a multitude of questions that need answering.
Use of personal devices brings a lack of visibility of the operating systems used, the software that is installed, the level of patching that is done and the threat of installed malicious software.
A further concern is how your end-users are connecting to your systems and crossing account data from unsecured locations. You need to know:
Are they are connecting from public networks?
Are they using home or shared networks?
What other devices are connected to these source networks?
You’ll already have heard of these and may have identified increases in phishing attacks — some specific to COVID-19.
Phishing emails can be highly effective because they’re targeted and aim to take advantage of a current crisis. They play on human emotions in a pernicious way and instil a sense of urgency. They also demand action so that end users click on a link or open an attachment.
Are staff using personalised or non-approved cloud services to store company data? Perhaps they’re doing this in the spirit of productivity, but does it expose you to PCI DSS, GDPR or other compliance risks? You need to know:
Which non-approved communication channels are being used by your agents?
Is integrity and confidentiality being compromised?
Have any of the solutions being used been shown up to have fatal weaknesses?
How to mobilise your employees as part of your security response
Communicate with them frequently around cyber security, awareness and risks — and make this part of your ongoing strategy. Make sure staff are aware of the security challenges of home-working, such as the increased likelihood of data leakage and the threats posed by phishing attacks.
Encourage reporting so people tell you about suspicious emails. Many employees may receive the same email — and so someone's early warning could help IT teams to detect and defend against these attacks.
Create a safe environment to report suspected breaches. Recognise that — while we all aim to avoid clicking on a link — lapses will happen and phishing attacks are becoming more sophisticated and convincing. So, ensure people feel safe to report suspected breaches in a blame-free way. That's because clicking on a link and not reporting it could be the worst outcome of all.
Your processes: Where to set your priorities
With remote working, many standard IT procedures need an urgent recalibration.
As we shift to more remote working, employees may have been permitted to take assets home and out of the work environment. It’s vital to understand that assets often include data, such as customer information or intellectual property, that you need to protect. Asset management will give you control of your equipment, which has a monetary and security value. Having procedures in place should ensure assets are tracked and returned when needed.
Reinforcing your acceptable use policy
Your use policy should have clear rules about what's allowed when employees use company equipment. State that company equipment should be used only for work purposes (even when in the home environment). Make your users aware of what cloud providers and services they can use — as this will mitigate some risks of data and leakage into those cloud providers you don't know about.
If you don't issue company equipment, encourage your employees to follow good cyber hygiene and safe working practices with their own devices. Advise them to patch regularly and make them aware of the emerging threats that may impact their security.
Remote access procedures
You need multi-factor authentication — it's a 'must'. Also, end users who are connecting on personal devices must provide you with information about their operating systems and whether they have antivirus software. This will give you some level of visibility of connected devices as well as potentially enabling you to prohibit the connection of out-of-date or unsupported devices.
Starter and leaver procedures
An economic downturn will result in some organisations reducing staffing levels. So, validating the ‘leaver’ process becomes crucial to security. You must ensure that departing users don’t have any residual access rights (across your own systems as well as any cloud solutions or other services they have been using). At the same time, refresh your procedures for new starters and movers, so they're up to date with the new security realities of remote working.
Business continuity testing
This is important in challenging times. By working smartly and being open to change when any shortcomings are highlighted, you can help keep security central to the decision-making process. This will enable you to adapt rapidly in a secure and compliant way.
Your technology: Maintaining PCI DSS compliance in a different world
In so many cases, IT leaders have done a phenomenal job, leading their organisations through a storm by provisioning tech and services to maintain essential business services.
Perhaps you've had to re-shape the way your company works to incorporate on-premise and remote operations — and it's saved the day in many ways? Maybe this has underlined the importance of a flexible IT strategy and the need for innovation?
If so, then an obvious move for organisations to consider is the de-scoping of their contact centres (and remote workers) from PCI DSS by teaming with a third-party partner for payments processing. This can significantly reduce the compliance challenges from everyday security threats and major challenges that arise unexpectedly.
The security rationale and business case for keeping sensitive information out of your entire (office and remote) environment through de-scoping has never been stronger.
Aside from this, here are seven actions for organisations to strengthen compliance:
Reach out to your technology vendor, highlighting your changing needs.
Do due diligence when evaluating any IT solutions to make sure that you receive an attestation of compliance — for example, if it’s a PCI DSS compliant solution.
Review the responsibility matrix to make sure that it is going to meet your needs.
Adopt a multifactor authentication approach because there’s a lot of technologies out there that might seamlessly integrate into a wide variety of both VPN endpoints and end user devices.
Consider email filtering. It offers good protection against phishing attacks
Flag external source emails. This can help users to identify malicious emails that pretend to be from colleagues. It can help them understand the risks and identify future suspicious emails and content.
Scan connected devices to identify malicious traffic that’s originating from some of your connected entities. Carrying out log reviews that will help you discover if any suspicious behaviour is occurring such as numerous failed login attempts or attempts to access unauthorised areas.
Using security to give your organisation the edge
A crisis poses challenges but it also provides the opportunity to re-shape and then re-examine your employee policies, business processes and technologies. It’s important that we recognise any shortcomings — so security is kept front-of-mind and becomes embedded in an organisation’s culture. It will make any plans you have more robust and fit for purpose in the future.
Eckoh is a global provider of Secure Payment and Customer Engagement solutions via our Eckoh Experience Portal. We’ve an international client base and offices in the UK and US. We're providers in transforming contact centre operations by delivering customer experiences across every channel, boosting agent productivity, reducing operations costs and maximising payment security. We’ve over 20 years’ experience in contact centre technology solutions. Eckoh has been a PCI DSS Level One Service Provider since 2010.
Published: Wednesday, July 22, 2020
|1.)||Call Center Studio|
Call Center Studio
Call Center Studio is the world’s first call center built on Google and is one of the most secure and stable systems with some of the industry’s best reporting. It is one of the most full-featured enterprise grade systems (with the most calling features, one of the best call distribution, outbound dialing features and integrations—including IVR, AI Speech Recognition, blended inbound/outbound calling and includes Google’s new Dialogflow and Speech API. Call Center Studio is the absolute easiest to use (with a 10 minute setup), and is the price performance leader with lower equipment cost and less setup time.
DaVinci provides Computer Telephony Integration (CTI) to a library of pre-built applications + UXiPaaS (User Experience Integration Platform as a Service) built specifically for contact centers. As contact center needs evolve, organizations need to have access to extend or create new functionality, without waiting to be a part of a software roadmap. Get the benefits of CTI within your CRM like screen pop, click-to-dial, screen transfer, speed dial and more, but future-proof your contact center so you can expand and integrate how and when you want.
CLink for CRM and Call Center Integration
CLink by Comsys is a middleware that connects in real-time the CRM and the contact center applications. CLink enhances the CRM with interaction management capabilities from the contact center that allow agents to work more productively across all communication channels.
Comsys is a provider of οmnichannel customer engagement solutions that assist companies around the world in delivering unique customer experiences. For the last 15 years, Comsys designs and implements complex projects for clients from the outsourcing, financial services, telecommunications, and retail sectors. Comsys enjoys strategic partnerships with technology vendors like Cisco®, Aspect Software®, and Microsoft® for the delivery of innovative interaction management and contact center optimization solutions.
Today’s call centers need their agents to work more naturally, and respond better and faster. Here, we talk about the innovations Consilium has made with the latest desktop and mobile agent releases of the UniAgent™ CRM connector. From small enterprises to Fortune 500 companies and governments across 110 countries, UniAgent™ comes into action right at the moment of reckoning, making every contact center experience engaging and personalized, powered by simplified customer identification and anticipating customer needs.
UniAgent™ provides CRM integrations between all the Cisco contact center solutions (UCCX, PCCE, UCCE and HCS-CC) and over 20 CRMs, such as Salesforce, Microsoft Dynamics 365...
IntraNext Systems develops agent efficiency tools and data security software solutions for medium-to-large contact centers. Our Event Intelligence® Platform solutions include SmartCTI™, iGuard®, and SmartSIP™. SmartSIP is based on our patented SIP layer technology and provides a DTMF masking solution for VoIP environments.
We know how important it is for a business to obtain data from its customers and to manage them effectively, so we help small to large companies by integrating their CRM with the Virtual Switchboard.
This type of integration will simplify the work of your team and improve the management performance of the contact list and its information.
NovelVox CTI Connector
NextGen Cisco Finesse, Genesys & Avaya Embedded CTI Connectors for Salesforce, Microsoft Dynamics, ServiceNow, Zendesk & more.
What is PhoneIQ?
PhoneIQ is the modern cloud phone system and contact center platform built exclusively for companies on Salesforce. Our all-in-one cloud communications platform brings together power dialing, local presence, voicemail drop, Salesforce call routing, call recording and a complete PBX replacement that lives within your CRM. With support for desktop, mobile, and desk phones, PhoneIQ works seamlessly at the office or remote, logging all interactions in Salesforce and generating reports in real-time.
Companies using Salesforce and looking for a phone system, dialer, or contact center software that provides deep integration capabilities with their CRM and expert Salesforce support.
Easy Contact Center Traffic Analytics (Ec2Traffic)
Prilink Ec2Traffic provides network traffic analytics (NTA) for Internet, SIP Trunk and WebRTC traffic for on-premises and cloud Contact Centers.
Ec2Traffic analyzes network layer 2 to 4, RTP and SRTP packet loss and SIP protocols in real-time from the demarcation point or network edge, generating NTA metadata and requires little telemetry bandwidth.
- Year-round NTA metadata
- Daily CSV files upload to Customer business applications
- Capture packet to Wireshark for Deep Packet Inspection (DPI)
- detect traffic anomalies
- and more ....
|10.)||Teckinfo Solutions Pvt. Ltd.|
InterDialog UCCS - a robust contact/ call center software that helps organizations provide a seamless customer experience across all channels in the customer service journey. All interactions from various channels come to a single unified queue on the InterDialog platform. With unified view agents get to see all historical interactions , enabling him to give a resolution quickly. InterDialog UCCS is a comprehensive Contact/Call Center Software with robust CTI, Unified Q ( ACD), Reporting, Unified Agent Management, Administrator, Supervisor - Monitoring (Pmonitor)
|11.)||The Primas Group|
Primas CX is a CTI-based contact center enhancement suite that takes your contact center software to the next level.
It provides a set of tools that every contact center needs, over and above their vendor features.
*Advanced Call Back in Queue & SMS in Queue
*Agent Screen Pop
*Welcome Back Greeting
*Post Contact Survey
*Dropped Call Reconnect
*Digital Front Door & Many more
As a Vendor Agnostic ISV, we pride ourselves on delivering the best COTS & Custom solutions for any contact center in any industry.
I am checking out all the amazing and daily updated content on ContactCenterWorld.com and networking with professionals worldwide
Send To Friends Post On My Wall