Cookie Settings
Get access to all the tools and information necessary for the customer's life cycle at Odigo by heading to our client portal
Adopting a cloud-based Contact Centre as a Service (CCaaS) solution can raise questions around data storage, control, accessibility and protection. What are the security risks? How can contact centres protect customer data?
Security and protecting customer data should be a priority for contact centre risk management and for this reason access to CCaaS solution services should be controlled. In order to do so, however, contact centre risk management needs to be an integral part of company strategy.
Businesses, and by extension their contact centres, need to manage key risk areas to prevent gaps in security. These can make data vulnerable, including that of customers, and the causes can be varied:
A Gemalto survey of 10,500 enterprise customers and 1,050 IT decision-makers from 11 countries revealed a startling finding: companies struggle to control their data. Only 54% of companies know where their sensitive data is stored, and 91% of IT decision-makers believe they could and should be better prepared to take advantage of the growing volume of data available. Despite Brexit UK specific GDPR remains law; though EU law still applies to UK companies dealing with EU customers. GDPR has some positive influence on security through better data management but it also increases customer trust. When it was first introduced in 2018 however uptake was slow despite the annual UK government cyber security breaches survey identifying that 43% of businesses had identified a cyber attack. This had dropped to 39% by March 2022 but these numbers still reveal the all-too-real need for contact centre risk management.
Today, a growing number of companies are choosing to migrate to a cloud-based contact centre solution to improve customer experience. This move sparks two questions: how to control data and which people should have access to it.
Guaranteeing the data’s accessibility to the right people is essential in a contact centre. To achieve this, access to the company’s services should be with individual access profiles. For example, an agent should log onto cloud services with a unique ID and password. This should follow the identity and access management process implemented by the organisation to manage user authorisation to the system, information or applications.
Contact centres need to keep control of data to prevent security risks, but how? First, CCaaS providers should provide data encryption services to prevent data from leaving the cloud and being immediately intelligible. Second, contact centres should also segregate data from different customers, which is made possible by the architecture of cloud-based solutions.
How can contact centres be sure a cloud-based solution provider has the necessary data security expertise?
Even using a provider that has some expertise in terms of data security does not change the importance of daily vigilance during customer interactions.
Customer service and conversations must be secured. In fact, with each interaction, customers share personal and, sometimes, confidential information with agents. It is therefore essential for contact centres to guarantee the security of this information and to reassure customers of that fact. The use of artificial intelligence (AI) and the implementation of an IVR help by allowing intelligent data transfer according to the caller’s needs. An important example is maintaining the security of payment details which are a high-value target for criminals. Secure IVR payments allow customers to bypass call queues but not peace of mind.
Finally, agents should also be part of a security strategy to protect contact centre data. Investing in data security training for agents is critical to ensure reliable operations and prevent mistakes. Maintaining customer trust is important in a world where those who lose confidence in one company can easily find another. An example of the difficulty building trust was highlighted in 2018 in the 6 months after GDPR was introduced, 49% of customers said they did not feel any more in control of their personal data. Companies should be aware of this and use contact centre risk management to do more to earn customer trust.
Technological innovation makes it possible to optimise data protection in contact centres by using specific tools and actions.
Before establishing a data protection policy, it is useful to identify potential gaps in a contact centre’s risk management. This can be done through daily security and intrusion testing, which can be conducted by some providers. Additionally, a cloud solution and AI-based technologies allow safe migration of data and quick detection of any attempted data leak.
In order to ensure data security in contact centres and to detect possible breaches, it is imperative to restrict access to sensitive data and to set up a tracking system that monitors activities. Technology can help minimise some of the risks, for example using a solution with anti-malware software, but also SIEM (Security Information and Event Management) software that monitors, detects and alerts on security events or incidents. In addition to these tools, continuous vulnerability scans and early vulnerability detection capabilities can help protect data.
Another occasionally utilised tool is the security assessment survey, however, caution is needed as these can be very misleading. Indeed, filling out these long surveys, sometimes out of context, is not considered good practice, as they are often generic and do not take into account company size or their specific security risks. It is more appropriate for a company’s data security and protection teams to start an ongoing dialogue with a new provider as soon as the service is contracted. The goal is to address issues directly through risk, not compliance. Service analysis is a better guarantee to understanding the security of your data.
This is not just a theoretical list of ideal measures. All the contact centre risk management tools and guidelines outlined in this blog are implemented in Odigo CCaaS solutions and services. To find out more about the best practices to protect and secure your data contact an Odigo expert
First call resolution (FCR) is a well-known contact centre outcome metric. Discover how to increase it with high-quality experiences that focus on customer satisfaction.
Discover how time management, knowledge management and technology can reduce average handling time (AHT) without impacting CX.
Three years of data, a negative shift in consumer perception and multiple drivers, including many from outside the contact centre, is it time to recalibrate CX strategies?
