How can businesses create genuinely secure, flexible and productive working environments for their teams wherever they work?
Our ‘coffee table discussion’ panel explored the possibilities…
The rapid drive towards homeworking throughout 2020 has forced many contact centres to enable agents working from home, but some operations have felt forced into cutting corners, especially in relation to payment security, data compliance and working standards.
Contact Centre Panel’s series of webinars was launched to discuss these issues and to offer practical solutions for contact centres to provide an excellent level of service whilst safeguarding clients, callers and agents as well as their own business.
On 17 February 2021, Contact Centre Panel hosted a webinar focused on contact centre homeworking, asking our panel of experts the question ‘how can businesses create a genuinely safe, secure and flexible working environment for their teams so they can flourish and achieve wherever they work?’. John Greenwood, Head of Technology & Payments, Contact Centre Panel, hosted the webinar and was joined by:
Simon Turner, PCI DSS Advisory Cloud Services & Contact Centres (QSA), BT Plc, providing input from a security and payments compliance prospective
Steve Sullivan, Head of Regulatory Compliance, Contact Centre Panel, a contact centre operations and Data Protection specialist and vice-chair of the UK Data & Marketing Association’s Contact Centre Council
Brent Agar, Director, SentryBay, an endpoint security expert with over 20 years’ experience
Felix Clarke, Cloudbased Partners, an experienced risk assessment specialist
What’s the situation in early 2021?
In our audience survey:
- 75% of companies reported that more than 75% of workers are working from home, with 18% having 51-75% at home, and 17% having 26-50% than half of their workforce home-based
- 54% said no employees are using their own devices to access corporate systems, 46% reported that between 1 and 25% of employees connect to company systems using their own computers
- Similarly, 54% of our audience stated that they have a post-lockdown location strategy already, with 46% not having this in place yet
Along with the growth of home working, there has been a rise in telephone related fraud. Feedback from the Payment Card Schemes points to an overall increase in the MOTO (Mail Order Telephone Order) payments acceptance channel of up to 400% since March 2020. A clear indication that the criminal community is taking advantage of the changes that home working is forcing upon us.
Minimising these risks is not only good business, when it comes to keeping data secure, it’s a legal obligation covered by the Data Protection Act 2018 and the Health and Safety at Work Act 1974.
Looking at the big picture, Steve Sullivan began by highlighting that homeworking has brought some big positives to the sector:
- Increased working flexibility
- Access to a much wider pool of talent
- Increased retention of good employees in the short term
- Happier agents
Based on recent research most businesses have seen overall increased performance metrics including CSAT customer satisfaction results, plus performance and productivity improvements up the end of 2020.
Talking about the most important technical implications of the forced move to working from home, Brent Agar and Simon Turner outlined the challenges presented by the move from a physical security world, where offices and contact centres were built and managed to be secure places for people and data to be put to work, to a remote working situation where endpoint security has become the focus for compliance and protection.
What’s the risk exposure of teams moving into the home environment?
Felix Clarke described the situation now “We’re in this blitz spirit situation where people have been prepared to put up with it and wait and see… The Government has said that they will bring out new health & safety rules but they’re not ready yet… and the unions and lawyers who know they can’t get involved yet but are waiting.” However, this spirit of all being in this situation together cannot last forever. For now, employees working from home and their employers are finding ways to get the job done, but the honeymoon period is bound to end and organisations who are cutting corners will start to be exposed. This will have knock-on effects not only for team members but for end consumers, brands and contact centre business owners alike.
Were payments are concerned, there are risks associated with employees using their own computers or where company-owned computers are not fully protected. Traditional anti-virus software may not protect your business from some technical weaknesses. Options include buying and maintaining expensive computers for your full team or installing additional software to protect your business from attacks.
It’s critical to remember that your people are in scope too when it comes to compliance with standards. Technology is important of course, but your agents, whether internal or outsourced, are a critical part of the process. Iteratively developing our processes to take account of the behaviour of agents working away from the usual office environment is crucial.
What technological solutions are out there?
The risks inherent with homeworking can be partially mitigated by good endpoint security systems. The PCI Standards Council says that ‘by limiting exposure of payment data and your systems, you simplify scope and validation, reducing the chance of being a target for criminals.’
The reality is that in any situation where an agent is taking personal or payment data over the phone, there is a risk that data can be recorded manually or digitally, either in good faith or more worryingly criminally, using techniques such as keylogging or screen capture systems which can be installed without the user’s knowledge through spyware or similar attacks.
Brent introduced a piece of software by SentryBay which scrambles the information taken by keyloggers and disables screen capture. So regardless of whether the agent is acting dishonestly or has been the unwitting victim of a spyware attack, the software prevents sensitive data being captured and passed on. With millions of installations worldwide, this tried and tested solution is used by some of the largest banks and insurance companies to help them minimise their risks.
Software like this is not restricted to large financial institutions, however with most businesses who use contact centres processing personal data and payment data in some form, there is arguably a greater risk to smaller businesses. Implementing solutions such as technical endpoint protection is scalable and suitable for all sizes of business. It’s important to remember that the liability for compliance rests with the merchant, even if they use outsourced resources to process data or payments.
Have industry bodies changed their approach?
In the UK, the ICO (Information Commissioners Office) has published a lot of advice on working from home but has said little about the security of payment card data, pointing only to the Payment Card Industry Security Standards Council (PCI SSC), the body responsible for the security standards supporting the card payments ecosystem, where guidance on homeworking has been published and promoted.
The Data and Marketing Association (DMA) has not fundamentally changed its guidance for distributed workforces at this stage but encourages a systemic approach to data security and data protection. Being aware of your duty of care to front line staff to minimise their exposure is important.
Regulators will not maintain their recent light touch indefinitely and some large brands will doubtless fall foul of decisions they have made which do not mitigate risks sufficiently. By building systems that protect your staff from sensitive data, they will have to worry less about the lure of fraudulent activity and can focus more on the positive aspects of their jobs.
What about the claims industry?
As an employer, if you put your teams into a situation where they are at risk, the claims industry is likely to be preparing to catch up with you soon. Felix Clarke: “We’ve already seen articles with titles like ’17 ways you can hurt yourself working from home’ so if you inadvertently put employees into a situation where they could be hurt or discriminated against while working from home…claims will probably follow before too long.”
How can we help our teams to safely provide an excellent service to our customers?
To summarise the findings of our panel, there are a few key considerations that will help enormously to protect customers, agents and businesses:
- Secure the endpoint using appropriate systems
- Prevent card data entering your systems by employing best practise data capture
- Beware the likely claims which are bound to result from an industry dealing with major physical change
- Look after your people at home and their working environments
To summarise the discussion perfectly, Steve Sullivan said “There are a lot of angry frustrated customers out there… so anything we can do to make our agents lives easier and let them focus on what they’re best at is for everybody’s benefit.”
You can hear all the insights given by our expert panel in full by watching the webinar:
Our next webinar is focused on ‘homeworking health & safety considerations and legal risks’, if you’d like to attend click here
If you’re unsure how to assess your businesses risk exposure and how to equip it to handle any new risks posed by changeable working conditions, we can help by advising you on the risks you need to consider and the best way to mitigate them. We can also help you to learn how to work with your employees to maximise their health, happiness, and productivity. Get in touch.