Cookie Settings

Request a demo

Get access to all the tools and information necessary for the customer's life cycle at Odigo by heading to our client portal

My Odigo

How to improve security risk management in contact centers

How to improve security risk management in contact centers
Bertrand Deroubaix
Bertrand Deroubaix Risks, Quality & Security Director

Adopting a cloud-based Contact Center as a Service (CCaaS) solution can raise questions around data storage, control, accessibility and protection. What are the security risks? How can contact centers protect customer data?

April 21, 2022 3 min of reading

Security and protecting customer data should be a priority for contact center risk management and for this reason access to CCaaS solution services should be controlled. In order to do so, however, contact center risk management needs to be an integral part of company strategy.

What dangers do companies face if they don’t control their data?

Businesses, and by extension their contact centers, are regularly confronted with gaps in security. These can put data at risk, including that of customers, and the causes can be varied: 

  • Poorly configured platforms or solutions,
  • Lack of vigilance over IT system access rights, 
  • Agents’ oversight or lack of training around security issues,
  • Cyber attacks that can compromise data security.  

A Gemalto survey of 10,500 enterprise customers and 1,050 IT decision makers from 11 countries revealed a startling finding: companies struggle to control their data. Only 54% of companies know where their sensitive data is stored, and 91% of IT decision-makers believe they could and should be better prepared to take advantage of the growing volume of data available. In addition, only 55% of companies say they are GDPR compliant. These numbers reveal all too real weaknesses in contact center risk management and by default their customer services.

Contact center data and risk management concerns

Today, a growing number of companies are choosing to provide their contact center agents with a CCaaS solution to improve how customer relationships are cultivated. This move sparks two questions: how to control data and which people should have access to it. 

Data accessibility

Guaranteeing the data’s accessibility to the right people is essential in a contact center. To achieve this, access to the company’s services should be with individual access profiles. For example, an agent should log onto cloud services with a unique ID and password. This should follow the identity and access management process implemented by the organization to manage user authorization to the system, information or applications. 

Controlling the data

Contact centers need to keep control of data to prevent security risks, but how? First, CCaaS providers should provide data encryption services to prevent data from leaving the cloud and being immediately intelligible. Second, contact centers should also segregate data from different customers, which is made possible by the architecture of cloud-based solutions.

Data security risk management in contact centers

How can contact centers be sure a cloud-based solution provider has the necessary data security expertise? 

  • Check that providers have ISO-27001 and ISO-9001 certifications (information security and quality management systems) and comply with specific industry standards (e.g., PCI DSS for payment card processing, HDS for healthcare data or SOC 2 certification).
  • Audit service providers to ensure that its infrastructure and solutions meet security policies and that there are no known vulnerabilities.

Even using a provider that has some expertise in terms of data security does not change the importance of daily vigilance during customer interactions.

Securing personal customer data during interactions

Customer service and conversations must be secured. In fact, with each call, customers share personal and, sometimes, confidential information with agents. It is therefore essential for contact centers to guarantee the security of this information and to reassure customers of that fact. The use of artificial intelligence (AI) and the implementation of an IVR help by allowing intelligent data transfer according to the caller’s needs. An important example is maintaining the security of payment details which are a high value target for criminals. Secure IVR payments give customers an important option which can bypass call queues but not peace of mind. 

Provide agents with ongoing data security training

Finally, agents should also be part of a security strategy to protect contact center data. Investing in data security training for agents is critical to ensure reliable operations and prevent mistakes and to maintain customer trust in a world where those who lose confidence in one company can easily find another. Since the GDPR went into effect in 2018, 49% of customers said they did not feel any more in control of their personal data. Companies should be aware of this and do more to earn customer trust. 

Technology and risk management in contact centers

Technological innovation makes it possible to optimize data protection in contact centers by using specific tools and actions. 

Identify gaps in data management 

Before establishing a data protection policy, it is useful to identify potential gaps in a contact center’s risk management. This can be done through daily security and intrusion testing, which can be conducted by some providers. Additionally, a cloud solution and AI based technologies allow safe migration of data and quick detection of any attempted data leak.

The proper tools to ensure data security 

In order to ensure data security in contact centers and to detect possible breaches, it is imperative to restrict access to sensitive data and to set up a tracking system that monitors activities. Technology can help minimize some of the risks, for example using a solution with anti-malware software, but also SIEM (Security Information and Event Management) software that monitors, detects and alerts on security events or incidents. In addition to these tools, continuous vulnerability scans and early vulnerability detection capabilities can help protect data. 

Another occasionally utilized tool is the security assessment survey, however caution is needed as these can be very misleading. Indeed, filling out these long surveys, sometimes out of context, is not considered good practice, as they are often generic and do not take into account company size or their specific security risks.  

It is more appropriate for a company’s data security and protection teams to start an ongoing dialogue with a new provider as soon as the service is contracted. The goal is to address issues directly through risk, not compliance. Service analysis is a better guarantee to understanding the security of your data

Choose a CCaaS solution that protects data effectively

This is not just a theoretical list of ideal measures. All the contact center risk management tools and guidelines outlined in this blog are implemented in Odigo CCaaS solutions and services. To find out more about the best practices to protect and secure your data contact an Odigo expert 

Bertrand Deroubaix
Risks, Quality & Security Director

Read more
April 13, 2023 3 Let’s talk about contact center gamification 

There’s a right way and a wrong way to employ gamification for contact center agents.

Read more
April 6, 2023 3 The Millennial customer experience: how companies must adapt to the consumers of tomorrow 

Millennials are the consumers of tomorrow. Their consumption behavior has been disrupted by the COVID-19 pandemic. How can companies improve the customer experience of millenials even further to capture and retain this influential group of consumers?

Read more
March 30, 2023 3 Let’s talk about what agents experience in a contact center work environment   

Everyone wants to think of their own job as important. And they are.

Read more