Did you know that last year alone, around 800,000 cyberattacks were reported, with sneaky culprits exploiting things like WordPress plugins and aiming at businesses’ cybersecurity every 39 seconds?
Cybersecurity becomes our silent shield in the virtual hubbub of call and contact centers, protecting the digital fortresses where agents connect with customers.
Imagine each device as a potential gate; cybersecurity is the guard standing watch. It’s not just about protocols and encryption; it’s weaving a culture of cyber resilience among your team.
And that means equipping your agents with the “digital armor” and training them how to wear and use it to blunt attacks and prevent them from getting through.
In my former role as a call center agent, I’d often catch a breather from the constant phone buzz to tackle email inquiries.
I vividly recall this email about a member’s Medicaid benefits with a link where the customer was curious about their vision coverage. Eager to assist but apprehensive of the link in the email, I called the number left by the member. But on both attempts to connect, I couldn’t get them to answer, and there was no voicemail feature to leave a message.
Undeterred, I replied to the email with our contact number and hours of operation, assuring the member that we could assist them with their vision benefits inquiry.
Here’s the twist: my cybersecurity course made me cautious about the danger of clicking random email links. Clicking could open the door to phishing attacks or even turn my system into an unwitting gateway to infect our call center’s network.
Did you also know that 95% of cybersecurity issues can be traced to human error and that insider threats (intentional or accidental) represent 43% of all breaches? These facts reinforce the need to create cybersecurity awareness.
All Too Common Threats
Here are some of the common threats and attacks companies and call centers face.
Phishing. Attackers send deceptive emails or messages, or pretend to be someone trustworthy. The bad actor gains access if employees fall for these tactics, for example by clicking on malicious links or providing login credentials.
Malware. Attackers can introduce malware into the agents’ systems through infected files, email attachments, or when agents visit compromised websites. Once the malware is executed, it can create a backdoor, giving attackers unauthorized access to your company’s data.
Ransomware. Ransomware is usually delivered through phishing emails or exploiting vulnerabilities in software. Once executed, it encrypts data and then denies access. Attackers demand payment for decryption keys; if paid, they may or may not provide access.
Man-in-the-middle (MitM). Attackers can intercept communications between customers and agents, often exploiting unsecured networks such as public Wi-Fi, or compromising network devices to eavesdrop on sensitive information.
Denial-of-service (DoS). Attackers flood a network or system with traffic, overwhelming its capacity. This disrupts normal operations, making the site difficult to access for your customers (including call center agents).
SQL injection. Attackers manipulate the database queries by injecting malicious structured query language (SQL) code through vulnerable input fields on websites or applications. If successful, they can access sensitive data stored in the databases.
Cross-site scripting (XSS). Attackers inject malicious scripts into web pages that are then viewed by others, including call center agents accessing compromised sites using their work devices. These scripts can steal session tokens or sensitive data.
Advanced persistent threats (APTs). APTs involve a prolonged and sophisticated approach. Attackers may exploit vulnerabilities in software, conduct social engineering, or use spear phishing to gain a foothold. Once inside, they work quietly to steal sensitive information over time.
Social engineering. Attackers exploit human psychology, tricking employees into revealing sensitive information or performing actions compromising security.
Zero-day. Attackers exploit unknown vulnerabilities in software or systems before developers can create a fix (patch). By doing so, they can access systems that are not yet protected against the newly discovered vulnerabilities.
CHEATing Cyber Attacks
The CHEAT method is a mnemonic device used in cybersecurity to remember the fundamental principles of securing digital systems within your center. This helps to protect sensitive data and maintain customers’ trust in your company:
- Configuration. Securely configure systems and networks in the center to industry standards, restricting access by job role to prevent unauthorized access, and minimizing vulnerabilities.
- Hardening. Strengthen the systems’ security posture with additional layers of protection, such as intrusion detection and regular software updates on agent workstations.
- Education. Provide regular cybersecurity training to agents and leadership to recognize and respond to common threats, such as phishing attacks and social engineering tactics.
- Auditing. Conduct regular audits and assessments of call center systems to identify security gaps and compliance issues and ensure adherence to industry regulations. Perform routine call quality assurance (QA) of call recordings and monitor customer data access logs for unauthorized activities.
- Testing. Conduct tabletop exercises to simulate a cyberattack on the center’s network and assess the effectiveness of incident response procedures in mitigating the threat.
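One way to carry out the access-log monitoring named under Auditing, shown as an added example that is not part of the original article: flag customer-record lookups that do not line up with a call the agent handled. The log layout, the field names, the 15-minute after-call allowance and the rule itself are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"
GRACE = timedelta(minutes=15)  # assumed allowance for after-call wrap-up work

# Constructed sample data (hypothetical layout, not a real product's export).
CALLS = [  # (agent, customer_id, call_start, call_end)
    ("agent01", "C1001", "2024-03-04 09:00", "2024-03-04 09:12"),
    ("agent02", "C2002", "2024-03-04 10:30", "2024-03-04 10:41"),
]
ACCESS_LOG = [  # (timestamp, agent, customer_id)
    ("2024-03-04 09:03", "agent01", "C1001"),  # during the call
    ("2024-03-04 09:20", "agent01", "C1001"),  # wrap-up, inside the allowance
    ("2024-03-04 11:55", "agent01", "C3003"),  # agent never spoke to C3003
    ("2024-03-04 10:35", "agent02", "C2002"),  # during the call
    ("2024-03-04 23:10", "agent02", "C2002"),  # hours after the call ended
]

def _ts(text):
    return datetime.strptime(text, FMT)

def audit_access(access_log, calls, grace=GRACE):
    """Return (timestamp, agent, customer, reason) for each unexplained lookup."""
    windows = {}
    for agent, customer, start, end in calls:
        windows.setdefault((agent, customer), []).append((_ts(start), _ts(end) + grace))
    findings = []
    for stamp, agent, customer in access_log:
        spans = windows.get((agent, customer))
        if spans is None:
            reason = "no_call_with_customer"
        elif not any(lo <= _ts(stamp) <= hi for lo, hi in spans):
            reason = "outside_call_window"
        else:
            continue  # lookup is explained by a call
        findings.append((stamp, agent, customer, reason))
    return findings

def findings_per_agent(findings):
    """Count findings per agent so reviewers can prioritise follow-up."""
    counts = {}
    for _, agent, _, _ in findings:
        counts[agent] = counts.get(agent, 0) + 1
    return counts

if __name__ == "__main__":
    for finding in audit_access(ACCESS_LOG, CALLS):
        print(finding)
```

A finding is a prompt for QA review rather than proof of misuse, since email or chat inquiries would also need to be fed in as legitimate reasons for a lookup.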
The Digital Armor
Here are several practical ways to strengthen your digital armor and lower the risk of your center falling prey to cybercriminals.
- Have monthly or quarterly cybersecurity training to help employees navigate the cyber landscape. Train them to identify suspicious emails, take steps to verify customer information (caller authentication), stay informed about cyber threats, and establish a secure, private workspace to mitigate risks. I would suggest creating scenario-based training around your center’s operations to increase relevance.
- Ensure secure access by requiring multi-factor authentication (MFA) for company portals, opting for user-friendly authenticator apps over text messages, and balance the user experience so that MFA prompts do not become an excessive annoyance.
- Leverage reporting data to swiftly identify trends and potential security threats, enabling automated responses and proactively informing the teams about malicious emails to prevent further incidents.
- Safeguard communications and home networks for remote agents by requiring virtual private networks (VPNs) to access company resources, ensuring end-to-end encryption.
- Empower your teams to report suspected phishing emails through the email program. Ensure their digital armor stays strong by installing and regularly updating anti-virus/malware software.
- Encourage the use of password management apps on work devices. If that is not feasible, establish stringent password policies that guide the creation of robust, unique passwords, and enforce them technically so that weak passwords cannot be set.
- When onboarding new team members, it’s crucial to assess more than their criminal background checks. You also need to gauge their personality compatibility and their capacity to adhere to security protocols.
- Store data on a secure cloud server rather than transmitting it using unsecured USB memory sticks or via unprotected email. Train agents on how to use the email encryption option.
- Set up confidential fraud reporting channels that customers and employees can use, so that incidents are investigated and threats are mitigated.
Cyberattack Mitigation Strategies
If you have not been hit by a cyberattack, consider yourself very lucky, because it is not if, but WHEN it will happen. And if you have been hit once, you WILL be hit again.
Here are several mitigation strategies to consider deploying when a cyberattack (and the next one) occurs.
- Assess the Situation. Determine the attack’s scope and nature to understand the damage’s extent.
- Contain the Attack. Immediately contain the attack and prevent further spread. Disconnect affected systems from the network to isolate them from the attacker’s reach.
- Activate Response Plan. Implement your organization’s incident response plan (IRP), which refers to a detailed playbook for detecting, containing, investigating, and recovering from cybersecurity incidents. It identifies who does what to ensure clear communication and promotes continuous improvement through training and reviews.
- Notify Relevant Parties. Inform internal stakeholders, such as senior management and legal advisors, and external parties, like law enforcement or regulatory agencies, as necessary.
- Preserve Evidence. Preserve evidence of the cyberattack for forensic analysis and potential legal proceedings. Document the timeline, capture logs, and maintain integrity to support the investigation.
- Restore Operations. Gradually restore affected systems to regular functioning, prioritizing critical functions and closely monitoring the impacted areas. Implement security patches, updates, or configurations to mitigate vulnerabilities exploited in the attack.
- Learn and Adapt. Conduct a thorough post-incident review to analyze the root cause(s), identify weaknesses in security controls or procedures, and implement corrective measures, with the end goal of being resilient to future attacks.
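The Preserve Evidence step asks for captured logs whose integrity can be maintained. As an added example that is not part of the original article, this sketch records a SHA-256 for every file in an evidence folder at collection time and later reports anything modified, missing or newly added. The folder layout, the manifest fields and the `analyst-placeholder` collector name are assumptions, and the log files are constructed.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=65536):
    # Hash in chunks so large log files do not have to fit in memory.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def _relative_files(evidence_dir):
    for root, _, files in os.walk(evidence_dir):
        for name in files:
            yield os.path.relpath(os.path.join(root, name), evidence_dir)

def build_manifest(evidence_dir, collector):
    # Record who collected the evidence, when (UTC), and a SHA-256 per file.
    hashes = {rel: sha256_file(os.path.join(evidence_dir, rel))
              for rel in sorted(_relative_files(evidence_dir))}
    return {"collected_utc": datetime.now(timezone.utc).isoformat(),
            "collector": collector, "sha256": hashes}

def verify_manifest(evidence_dir, manifest):
    # Sorted (file, problem) pairs; an empty list means nothing changed.
    present = set(_relative_files(evidence_dir))
    problems = [(rel, "unlisted") for rel in present - set(manifest["sha256"])]
    for rel, expected in manifest["sha256"].items():
        if rel not in present:
            problems.append((rel, "missing"))
        elif sha256_file(os.path.join(evidence_dir, rel)) != expected:
            problems.append((rel, "modified"))
    return sorted(problems)

def demo():
    # Constructed sample: two small log files, then three kinds of tampering.
    with tempfile.TemporaryDirectory() as case_dir:
        for name, text in (("auth.log", "login ok agent01\n"), ("pbx.log", "call 1001\n")):
            with open(os.path.join(case_dir, name), "w") as fh:
                fh.write(text)
        manifest = build_manifest(case_dir, collector="analyst-placeholder")
        before = verify_manifest(case_dir, manifest)
        with open(os.path.join(case_dir, "auth.log"), "a") as fh:
            fh.write("edited later\n")
        os.remove(os.path.join(case_dir, "pbx.log"))
        open(os.path.join(case_dir, "extra.log"), "w").close()
        return before, verify_manifest(case_dir, manifest)
```

Calling `demo()` runs the whole sequence; in practice the manifest is stored away from the evidence copy, since a manifest kept in the same folder can be rewritten along with the files.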
Cybersecurity isn’t wait and see; it’s a proactive effort that we can’t afford to delay. That means implementing and reinforcing your company’s digital armor to safeguard proprietary information, systems, and customer data, to name a few.
Cybersecurity is also about keeping everyone - employees and customers alike - in the loop on emerging cyber threats, ensuring that you can identify and address possible risks.
Finally, let’s remember to expect the unexpected. Even with the most airtight security measures and training, things still slip through. In this case, a solid mitigation plan is your lifeline when disaster strikes. It’s not just about bouncing back quickly; it’s also about swiftly restoring trust and continuity in operations to demonstrate your commitment to your team, customers, and stakeholders.
From CSR to SOC Analyst
By Faima Gilani
Transitioning from a customer service representative (CSR) role to a Cybersecurity Operations Center (SOC) analyst has been an enriching journey for me. The parallels between the attention to detail required in both roles, particularly in terms of compliance, have been striking.
In the healthcare sector, adherence to the Health Insurance Portability and Accountability Act (HIPAA) was paramount, while in the realm of cybersecurity, strict adherence to frameworks like the National Institute of Standards and Technology (NIST) and the SANS Institute is crucial.
During my tenure as a CSR, I faced several incidents where callers posed as members, creating a false sense of urgency (a very common technique for phishing/vishing [voice phishing] attacks) to extract sensitive information while attempting to bypass established protocols. Such deceptive tactics could be employed by individuals with insider knowledge or even malicious threat actors seeking unauthorized access.
I had worked as a provider helpdesk representative in between my CSR and SOC analyst positions. While in that role I frequently encountered instances where former employees, post-layoff, attempted to gain illicit access to provider accounts.
The motivations behind these actions varied, but the prevalence of vishing in call center environments underscored the need for robust employee training programs and engaging activities like Capture the Flag (CTF) challenges to enhance awareness and vigilance.
Absolutely, well-trained employees are essential in meeting service level agreements (SLAs) effectively. By investing in comprehensive training programs, organizations can ensure that their employees have the necessary skills, knowledge, and competencies to deliver services in line with SLA requirements.
This dual perspective from the CSR and SOC analyst roles has reinforced the critical importance of vigilance, adherence to protocols, and ongoing education to combat evolving threats and safeguard sensitive data in both customer service and cybersecurity domains.