From inside and outside a contact centre, insider threats come in the form of individuals using bribery, coercion, social engineering and malware to get their hands on sensitive customer data. So says the software firm Semafone in a report launched at the Call & Contact Centre Expo at Excel in London Docklands on March 27 and 28, on what can act as a catalyst for a brand-damaging data breach. Not all threats are malicious in nature; the guide illustrates that high-profile data breaches can also stem from simple human error and agents accidentally exposing personally identifiable information (PII).
1. The Tempted Temp
Temporary agents, such as those hired to handle seasonal surges in call volumes, often have less loyalty to a company. Without the proper screening processes or clean room policies, these employees can easily steal sensitive information.
2. The Credulous Clicker
Even the most trustworthy employee can accidentally expose sensitive data. An agent may inadvertently click on a link or open an email attachment thinking it is from a customer, only to unleash a virus into the system, which steals customer data.
3. The Vengeful Victim
A disgruntled employee with a personal grudge against management can take advantage of an agent’s access to customer data, bribing them to share payment card details and other information.
4. The Hidden Hacker
Anyone with access to agents’ computers can steal sensitive data stored in the network. For example, a rogue IT support employee could insert a Remote Access Trojan, or “RAT” into a computer; this little piece of software allows the device to be accessed remotely, enabling the hacker to tap into customer data.
5. The Contract Cleaner:
Anyone with access to the contact centre facility can get their hands on personally identifiable information (PII). For example, someone on a cleaning team is likely to have unrestricted access to the building. This makes it easy for them to access contact centre computers and use USB sticks to install software that captures detailed customer information.
Tim Critchley, Semafone CEO said: “While these are just few examples of the types of fraudsters and cybercriminals that contact centres may encounter, it is more important than ever for organisations to protect themselves and their customers against potentially brand-damaging data breaches. Of course, most employees are trustworthy people, but it only takes one rogue worker to expose or steal PII.”
“By removing as much sensitive PII as possible from business infrastructures, contact centres can reduce the risks associated with a detrimental, costly data breach. They do not have to worry about outside hackers, third parties with fraudulent intentions, or even agents prone to honest mistakes. As we like to say at Semafone, ‘No one can hack the data you don’t hold.’”
You can download Semafone’s new eBook, “The flawed five: who’s threatening the security of your contact centre”.
