Information Security
Contact center risk management: Securing your contact center for a hybrid workforce
By Jennifer Bonacci
0 min read
The person who said “out of sight, out of mind” clearly wasn’t in charge of securing a hybrid contact center.
Understanding the evolving threat landscape of your hybrid contact center empowers you to keep your customer data safe and protect your organization’s intellectual property and brand from malicious attacks.
Recent data leakages have shown us that organizations that don’t protect their data can have severe fallouts beyond legal penalties. Data is a valuable asset for every company, and customers expect their data to be safe. Any breach can have dire consequences, negatively affecting both customer trust and business profitability.
Your hybrid contact center is run off of a spider web of decentralized home networks which increases the number of its vulnerable attack vectors — weaker points in the tech stack infrastructure created when home and business systems, and Internet of things (IoT) devices are linked together.
With escalating amounts of data flowing across systems and hybrid workforces, contact centers have a fundamental role in maintaining data security and protecting organizations from cyber threats. A security framework originally designed for a single, in-office network controlled by your IT department is no longer sufficient protection.
Technology helps secure the contact center.
One of the biggest challenges facing your contact center in its shift to hybrid is maintaining full visibility over user activity, like always knowing who is logged into your contact center, including their source IP addresses.
At a macro level, your IT team is likely to enforce network access control (NAC) with a zero-trust policy: a proactive approach to access management that is gaining traction in an increasingly remote-work world. Applicable to users both within and outside the organization, this comprehensive security model requires authentication (e.g., single sign-on, multi-factor authentication) and user authorization before granting limited permissions within specific contexts.
Under this IT umbrella, floor supervisors work on a micro level to monitor and manage agents and their access to programs and data. In a hybrid contact center, there is no “floor” to speak of. However, supervisors and admins are still expected to hold agents accountable and comply with company policies and procedures. Not only that, supervisors and admins are now also expected to make sure their remote workforce will not be a drag on system performance and that operational efficiency will be maintained.
Fortunately, it is possible to digitally protect the hybrid contact center and mitigate the risks of unpredictable work from home (WFH) infrastructure. Oversight of a distributed workforce can be accomplished by accessing detailed agent profiles and automated reports that monitor agent compliance, for example. Supervisors and admins can uncover inefficiencies and stay ahead of any potential issues (abuse of trust, suspicious behavior, etc.) that would otherwise be hidden in a remote work environment with insights into key data, including the:
- Type (e.g., VPN) of home network connection.
- Quality of home network connection, with information on mean opinion scores (MOS) metrics like Jitter, Packet Loss, and latency.
New technology designed for the hybrid contact center gives admins and supervisors more autonomy to manage their agents in real-time and more power to successfully address situations as they arise. Knowing the type and quality of an agent’s network connection, for instance, doesn’t just give insight into potential issues—it also allows those admins and supervisors to intelligently route calls to those agents with the strongest network connections to ensure a better call quality experience.
Digital security for a distributed workforce and a hybrid contact center means more than relying on IT for authorization and permission to access a system. It means empowering the people closest to the issues to address and handle problems as they arise.
Physical security is more important than ever.
With so much focus on digital security, it’s easy to forget that physical hardware and security restrictions for your hybrid contact center are more important than ever. The central office will be a revolving door of employees coming and going, with a workforce more or less splitting their time between home (or another remote location) and being on-site. This may mean higher instances of loss, damage, or theft of company-issued hardware like laptops.
Whether company-owned or personal, it is recommended that all devices with access to systems and data are secured with enterprise identity, access management, and asset management programs that provide:
- Multi-factor authentication and single sign-on capabilities.
- Hardware tracking and bricking failsafe.
Whether remote or in-person, supervisors and admins are likely to be the first point of contact for agents who are experiencing issues connecting, accessing the contact center platform, and more. Providing them with the right tools and keeping them apprised of new digital and physical security protocols will help you secure your contact center for a hybrid workforce.
The increased movement between locations exposes remote employees to more threats. In addition, some agents, especially those who work between home and office, may find themselves relaxing their standards when in an unsupervised environment.
To help prevent unauthorized access, all employees must keep their workspace secure by following such procedures as:
- Always locking/logging out of the computer when not in use—even if it’s only for a moment.
- Not letting a roommate, child, or anyone else use their work equipment.
- Not accepting or using USB drives with unknown origins.
- Disabling Bluetooth and automatically connect functionality to prevent their computer from connecting to unsecured public networks or devices while in transit.
- Not using shared or public chargers while traveling.
- Packing the computer in a protective case and keeping it out of sight (while not in use) during travel.
Nevertheless, set the expectation that all employees, no matter their location, will not always follow security protocols.
checklist
Security checklist: Hybrid contact center
It’s only a matter of time: How to prepare for the inevitable.
It’s true that the more remote workers you have, the more susceptible your contact center is to hackers, insider threats, and viruses. It’s also true that threats are everywhere, and data breaches are inevitable, regardless of what kind of contact center you have.
But you can take action with a proactive contact center risk management strategy tailored to your workforce model, whether that’s traditional in-office, 100% remote, or hybrid.
For the hybrid workforce and contact center, it begins with taking a collaborative approach with IT, operations, InfoSec, and contact center management to develop a new security framework by:
- Evaluating the security needs of your new hybrid work environment.
- Assessing if your current security measures are meeting those needs.
- Mapping the capabilities of your people against the actual risks your organization faces and being realistic about where your strengths and weaknesses lie.
- Devising and implementing a strategy to systematically address any gaps in security.
If you are ready to take the next step and need more in-depth information on keeping your customer data safe and securing your hybrid contact center from external attacks and insider threats, download our security checklist.