John Greenwood

Is your homeworker contact centre setup secure and safe?

By John Greenwood, Head of Technology & Payments

With tight restrictions being enforced across the UK and businesses trying to maintain performance, homeworking has once again become a daily reality. In this article, we ask how can your business create a genuinely safe, secure and flexible work environment for its teams so they can flourish and achieve wherever they work?

The accelerated move to homeworking

The Covid response forced many contact centres into having to rapidly adopt the homeworking Contact Centre model. Although as a concept homeworking is nothing new, with around 13% of the UK’s workforce based from home prior to the pandemic. What has been new is the volume of homeworkers and the proof that the concept could really work at scale for contact centres.

The foundations for success

Before Covid struck, global digital transformation with the parallel transition to cloud-based technology platforms was already creating the foundations on which truly flexible working arrangements could be built.
The WFH model is proven, with a strong set of benefits including improved flexibility for team members, less reliance on large offices, reduced impact of forced changes (including pandemic lockdowns!), the potential for improved staff loyalty, faster communication and rapid response to market and demand fluctuations. While there are some challenges, the benefits outweigh the drawbacks for most Contact Centre organisations.

Growth of cloud-based businesses

Adopting cloud platforms and tools can be much easier than their site-based predecessors. Capital costs are usually much smaller or absent; expensive tailored development is minimised; implementation can be tested and delivered in parallel and as a result, the capability of following a more rapid ‘Test – Analyse – Improve – Implement’ model vastly reduces the risks of system failure.

Scaling these technologies up to a whole-business level, when implemented correctly, can deliver huge benefits whilst supporting the need to keep personal data secure.

On the other hand, not having the appropriate technologies in place to support people, processes and performance whilst maintaining data security and corporate governance obligations can be problematic and lead to serious risks.

The risks of getting it wrong

In the fast and forced Covid-19 response, organisations will have opened themselves to risks without necessarily having the knowledge or tools to deal with them. While most businesses have now successfully moved to a WFH model, at least in part, how many have done this in a truly planned way?

To ask a specific question, how many have implemented WFH knowing that their organisation is compliant with the Data Protection Act 2018? Have you?

Compliance is just one issue with serious consequences, but there are more which need to be considered.

Cyber attacks and cyber fraud are now considered among the top 5 global business risks. Cybercrime is a huge, State-sponsored, organised business sector. Hidden marketplaces for valuable data are maturing, with SLAs for data validity offered by the criminals who work very professionally to obtain good quality stolen information. Alongside this, 2019’s IBM Security & Ponemon Institute Report into security found that on average it took 243 days to identify data breaches. That is a lot of time for stolen data to be in circulation before any action is taken to make data more secure or to enable individuals to take action with their own data.

Telephone payment risks

Taking payment details over the phone is an apparent and immediate commercial risk. Moving this to home-based workers multiplies the probability of that risk becoming an incident.

By listening to card data over the phone, your organisation becomes exposed to fraud-related chargebacks, higher transaction charges and PCI compliance failures.

As far back as 2011, DCI Derek Robertson of Strathclyde Police identified a simple problem: “We know of organised crime groups who are placing people within the call centres so that they can steal customers’ data and carry out fraud and money laundering. We also know of employees leaving the call centres and being approached and coerced, whether physically, violently or by being encouraged to make some extra money.” Allowing people to listen to payment data, in the office or especially at home, puts your business at risk.

How can you systemically reduce risk to protect your homeworkers?

To make our colleagues more secure we need to remove the possibility than they can be compromised. We need to take the temptation of fraud away, not to implement security measures which make them feel like they are criminals. By supporting them, we make it easier for them to have meaningful, useful and positive communications with our customers.
In short, removing card data from your agents’ voice interactions with customers removes most of the opportunity for fraud. Your agents may still be approached to sell data, or coerced in some other way, but their absence of exposure to the valuable data will massively reduce their vulnerability.

If your Contact Centre takes payment details, take a very critical look at how this information is taken and processed. Are you confident that your processes are compliant with the relevant industry standards? If you are not sure how the PCI DSS applies to your organisation, talk to us today. We can help you to assess your risks and avoid potential problems in the future.

The most important steps to take now

The World Economic Forum has identified the ‘three most worrisome risks’ for companies over the next 18 months. These are:

  1. Prolonged recession
  2. Surge in bankruptcies
  3. Cyberattacks and data fraud

The first two phenomena are largely outside our organisational control; we must adapt to them and if we are successful we will survive beyond the effects of the pandemic. However, the third is driven by the first two: reduced opportunities to earn will force an increase in illegal behaviour and the involvement of our employees in that behaviour.

So as a business, you must mitigate this risk. You can do this by protecting your staff from exposure to the information that criminals want.

1. Change your risk and fraud profile

There is already regulatory pressure to put risk-management processes into law. However, rapid action to improve your own exposure to risks will not only make your staff more secure but will give your business a competitive advantage.

2. Put data governance and security on the Board agenda

GDPR was passed into law in 2016 and has applied since 2018. However, 2020 has changed many businesses processes and data protection may already have suffered enormously. Make sure you are aware of your organisation’s risks, not just of non-compliance but of potential data breaches. Moving payment data outside your voice conversations not only protects your customers, but it makes your employees safer too. Remove this opportunity for criminals to look for data in your organisation.

3. Analyse your WFH arrangements

Working from home is now a critical part of your business model. Do not treat it as a temporary measure, or outside the scope of your business analysis. It is possibly the part of your operation which carries the greatest probability, and the greatest consequences, to open up a breach of customer and/or payment data.

By keeping your people safe and your data secure, your business will cope better with the realities of working beyond 2020. Implementing the systems and processes which facilitate this required planning and thought but most of all, it required achieving the right balance between customer experience, costs and risk. Make sure that balance is in your favour.
If you would like to understand the options and the advantages in more detail, talk to us here at CCP. We have a team of contact centre experts who can advise you. We can help if you need it, or we can reassure you if your organisation is ready to move ahead in the post-pandemic world.

Get in touch