With 2021 seemingly just around the corner, it’s time to start planning for the next year of call center life! Security remains a top priority for call centers all over the world as cybercriminals continue to advance their nefarious tools and techniques. With that in mind, let’s take a look at 8 call center security trends you must follow in 2021.
1. Authentication and Authorization
Authentication and authorization have been on the rise for some time now, and with good reason. With the widespread adoption of cheap tech gadgets like smartphones and tablets, and with more and more of the world being online, there’s an increased opportunity for identity theft. It’s not that there are more criminals in 2020 or that there will be even more in 2021, but simply that criminals have access to more tools today than they did in the past.
So, what will authentication and authorization look like in call centers in 2021 and beyond?
- Shifting away from Know Your Customer (KYC) questions like “What’s your mother’s maiden name?”, “What street did you grow up on?” and so on. These questions can be easily beat by savvy cybercriminals.
- Using biometrics (face recognition, fingerprints, or iris recognition) on dedicated apps. If a company has a dedicated app, it can use biometrics to grant the user access to their profile. Once in, the customer can access live chat and other communication features through the app. Customers don’t need to be validated further with questions.
- Authentication through social media or messaging profiles. When a customer creates a profile with the company, they can link their social media accounts such as Facebook or Twitter, and also their internet messaging services like WhatsApp or Telegram. When customers are communicating with the company through these channels, they can be assumed to be legitimate. Companies should refuse communication through different social media profiles with the same name, it must be the account linked at the creation of the account.
Companies need to work towards finding better solutions for authenticating customers and particularly for highly sensitive industries like healthcare and banking. One survey found that 51% of professionals in the financial services sector believe phone channels experience the greatest number of account takeover attempts.
In 2021, we expect to see authentication and authorization to become an even more prominent part of the call center landscape. At its core, the goal of a call center is to help customers, not help criminals. This is why authentication is so important.
2. Increased Employee Training on Phishing and Spear Phishing
According to Verizon’s 2020 Data Breach Investigations Report, 22% of data breaches in the last year involved phishing. Before we delve into this topic, let’s have a quick recap of what these terms mean.
Phishing – When a cybercriminal sends a fraudulent email impersonating a reputable person or company. The goal of phishing to receive sensitive or important information such as company login credentials, customer records, or access to other sensitive information such as credit card numbers or passwords.
Spear Phishing – This is like phishing, but only more targeted and personalized. With phishing, the cybercriminal might fake an email from Google or Microsoft and send the email to hundreds or even thousands of people, hoping that some people will fall for it. With spear phishing, the criminal will impersonate a reputable person or company who already has a relationship with the individual. They typically do their research more thoroughly to convince the victim they can be trusted.
If you’re thinking “Oh like those emails written in broken English that say they are from Google but it’s obvious they’re not. No one ever falls for them”, then your cybersecurity knowledge may be out of date. Sure, there are plenty of transparently awful attempts at phishing, but there are equally lots that fly under the radar. You notice the bad ones because they are memorable in their overt scammy tone. But when it’s done well, you don’t notice it at all, and this is why it’s so important to train employees in what to look out for.
Here are some tips on how to train your employees to spot phishing attempts and keep your customer data secure. Remember, a data breach can potentially cost you hundreds of thousands in damages and harm your reputation.
- Show them recent examples of phishing emails – Cyberciminals change tactics all the time. During the coronavirus pandemic, cybercriminals started making coronavirus themed phishing emails. The same is true for other world events.
- Train them to recognize red flags like:
- Generic greetings (Dear employee, colleague, customer, friend, etc). If someone doesn’t know your name, they have no business getting information from you.
- Urgent requests – When the email includes dire warnings or asks the employee to act quickly. Cybercriminals do this because people are famously bad decision-makers when under pressure.
- Spelling or grammar mistakes
- Long or weird-looking URL links.
- Poor formatting – Inconsistent fonts and font sizes or poor-quality logos.
- Tell your employees to trust their instants and tell them you will stand by them. Employees often fall victim to phishing attacks because they believe they will be in trouble if they don’t respond to the email with the requested information. Remember that the worst-case scenario if the email is legitimate is that something is delayed. However, the worst-case scenario, if the email is fraudulent, is that you have a full-scale data breach.
With cybercriminals continually perfecting their techniques and becoming more and more sophisticated every year, we expect to see more employee training in the area of phishing and spear-phishing in 2021.
3. Regulatory Compliance
Regulatory compliance has always been a requirement for businesses of all types, but it’s becoming increasingly important in the digital age. Privacy and security are becoming hotly debated issues that are at the forefront of people’s minds in 2020. In Europe, we’ve seen an overhaul of how privacy, security, and data management is handled with GDPR that came into effect a few years ago. Companies are now facing much harsher consequences for mishandling data, and one of the leading ways to mishandle data is to be non-compliant with current regulations.
What’s happening in Europe represents a shift in the mindset of customers, and this shift is happening all over the world. People are increasingly concerned about how their data is handled and want companies to be held accountable. Make sure that you will be seen as dependable by complying with current data regulations.
4. Be Transparent
This may sound odd but giving up more information about how your company works can actually lead to better results than closely guarding your secrets. We often think of security and privacy as two closely related practices that must be adhered to in the extreme. However, there is such a thing as being too private about certain information. Here are some of the areas where you should be more transparent:
- Tell your customers what you’re doing with their data – If they see you as honest and trustworthy, they are more likely to keep buying from you.
- Transparency of costs – A study by Harvard found that when firms reveal the unit cost of products to customers, this actually causes a boost in sales. Why? Because just like how we see intimate disclosures to be a sign of trust and loyalty in our personal lives, the same is true for the businesses we buy from. You don’t have to tell your customers everything, but you can open your doors a little and let them understand how you do business.
- Transparency of how you work – Do you use an omnichannel platform? Why? Probably because you want to streamline your processes and improve customer experiences. These are great things, so don’t be afraid to share them.
Being transparent can also help increase your resilience to cyber-attacks. To use a silly example, if someone were to send you a spear-phishing email and include information like your favorite football team, then the effectiveness of this approach would depend on many factors. If your favorite football team is all over your social media and you wear the jersey to work every day, then this isn’t personal information, it’s public knowledge. Suddenly all the power in this reveal just disappears. The same can be true when you make other information about your company public.
5. Use the Right Technology
One of the best ways to best protect yourself from cyber-attacks is to use the right technology. You shouldn’t be using out of date software that has security protocols on from a decade ago. Instead, upgrade your call center tools to be in line with current security best practices.
Here are some technology tips for security:
- Update and patch your software! – We know, it seems like a new security patch comes around every week and it can be difficult to keep up. Remember that these patches were created to address specific weaknesses and vulnerabilities. If you remain unpatched, you’re making your company weaker and opening the door to cybercriminals.
- Go omnichannel – An omnichannel platform and an omnichannel approach can help you get a better grip on where all of your customer data is. One key reason that data breaches go unnoticed is that companies don’t realize that data has been stolen. They don’t realize, because they are often not even aware of where this data is or how to find it. In 2021, this simply isn’t acceptable, you need to start taking control of your data today!
- Source dedicated anti-spam software or dedicated security solutions – If you don’t have a team of security experts in your business, then you need to find another way of getting expert-level security.
6. Ransomware Attacks Are on The Rise
Ransomware attacks still remind a prevalent threat for business in 2020 and this looks set to continue in 2021. It’s crucial that you make a robust plan for what you will do if your company falls victim to a ransomware attack. Remember that the worst time to make a plan is when it’s already happening. Backups form a key part of arming yourself against these types of attacks. A 2020 study by Sophos of over 5000 organizations found that 94% of organizations hit with a ransomware attack managed to get their data back. 51% of these organizations did so by using backups. 26% of organizations got it back by paying the ransom, which isn’t a situation you want to find yourself in.
7. Transferring to the Cloud
More and more companies are transferring to the cloud, and this looks set to continue in 2021. There are distinct security benefits for moving to the cloud, with the most prominent being that your data is now protected by a team of security experts and is safeguarded using the best technology.
8. Internet of Things (IoT)
The IoT revolution is in full swing, and many companies are starting to adapt their products and services to become competitive. We expect more of this to happen in 2021 as IoT starts to become more widespread. However, it’s important to be mindful that the IoT landscape is still somewhat of a wild west. There isn’t as much end-to-end security as you would expect in IoT devices, so if you want to enter this market in the right way, you must consult with IT specialists. Be known for both your great products and your great security.