Life’s A Breach Pt 1: Join The Compliance Alliance
Some of the world’s biggest brand names have been associated with data breaches in the past few years, compromising the personal information of billions of people around the globe. The Privacy Rights Clearinghouse reported 807 breaches in 2018 alone, affecting over 1.3 billion records. Experts predict that cybercrime will only become more prevalent as time goes on.
This is why it’s critical for brands that outsource to have full confidence in their BPO partners’ data protection and security programs.
Join the Compliance Alliance
Whether a customer care program involves payment processing or receives credit card data in any form, it’s important to know how PCI compliance comes into play. The Payment Card Industry Data Security Standard (PCI DSS) is the card brands’ security standard for any organization that stores, processes or transmits cardholder data. It is an industry standard rather than a law, but it is enforced contractually by the card brands and acquiring banks, and a contact center handling card data in a brand’s name is squarely in scope. The PCI DSS groups its requirements under six major objectives that are vital for contact centers to focus on:
- Secure Network
- Protect Cardholder Data
- Security Software
- Restricted Access
- Network Monitoring
- Documented Security Policy
Secure Network
Contact centers that store, process or transmit cardholder data must secure their network with properly configured firewalls, strict security controls and documented configuration standards for every system in scope. One control PCI DSS explicitly calls for is File Integrity Monitoring (FIM): a tool that records a known-good fingerprint of critical system files and configurations and alerts when any of them is added, removed or changed without authorization.
Protect Cardholder Data
Encryption isn’t a new practice in data security, but contact centers are required to apply it so that cardholder data is defended against attackers both inside and outside the network. Customer care programs must use strong, industry-accepted cryptography (TLS for connections, for example) so that confidential data is safeguarded whenever it is transmitted over public or private networks, and any stored card numbers must be rendered unreadable through encryption, truncation or tokenization. Sensitive authentication data such as the card verification code must never be retained after authorization, including in call recordings and chat transcripts.
Security Software
Anti-virus, anti-spyware and anti-malware solutions across the company need to be kept current, with definition updates applied automatically. Security patches for applications and operating systems should be installed promptly (PCI DSS expects critical patches within a month of release) to close known vulnerabilities. The anti-malware tooling should be running at all times, should generate audit logs, and its status should be reviewed daily.
Restricted Access
Contact centers need to restrict access to cardholder data to the people whose role actually requires it, on a need-to-know basis, with a unique ID for every user so that activity can be traced back to an individual. Data Loss Prevention (DLP) controls should be in place to stop confidential or sensitive information, such as card numbers typed into chat transcripts, e-mails or ticket notes, from being sent to any external contact.
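The DLP control most relevant to a contact center is the one that catches a card number an agent has pasted into outbound text. Below is an added example of that check, written for this article rather than taken from the original post or any DLP product: it finds 13- to 19-digit candidates (allowing the spaces or dashes agents type), keeps only those that pass the Luhn mod-10 check every real card number satisfies, and masks all but the last four digits. The sample messages are constructed; the two card numbers in them are the publicly documented Visa and American Express test PANs, not real cards.

```python
import re

# A candidate card number: 13 to 19 digits, optionally separated by single
# spaces or dashes, and not embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum: true for every valid card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(s: str) -> str:
    return re.sub(r"[ -]", "", s)


def find_pans(text: str) -> list:
    """Return the card-number-looking substrings in text that pass Luhn."""
    return [m.group() for m in PAN_CANDIDATE.finditer(text)
            if luhn_ok(_digits_only(m.group()))]


def redact(text: str) -> tuple:
    """Mask each detected PAN to its last four digits; return (text, count)."""
    count = 0

    def mask(m):
        nonlocal count
        digits = _digits_only(m.group())
        if not luhn_ok(digits):
            return m.group()          # long number, but not a card: leave it
        count += 1
        return "*" * (len(digits) - 4) + digits[-4:]

    return PAN_CANDIDATE.sub(mask, text), count


# Constructed sample of outbound agent messages.
SAMPLE_MESSAGES = [
    "Customer read out card 4111 1111 1111 1111, exp 12/26, please charge.",
    "Amex on file: 3782-822463-10005",
    "Order ref 1234567890123 has shipped, tracking to follow.",
    "Call the customer back on 555-0199 after 3pm.",
]


def scan(messages) -> list:
    """Per-message result: (masked text, number of PANs blocked)."""
    return [redact(m) for m in messages]


if __name__ == "__main__":
    for masked, blocked in scan(SAMPLE_MESSAGES):
        print(f"[{blocked} blocked] {masked}")
```

Two caveats a practitioner would add: roughly one in ten random digit strings passes Luhn, so a production filter also checks the issuer prefix and length, and a text filter does nothing for card numbers captured in screenshots or call recordings, which need their own controls.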
Network Monitoring
Networks within the contact center need to be monitored continuously and tested regularly (PCI DSS calls for quarterly vulnerability scans and annual penetration tests) to confirm they remain compliant. This provides assurance that network security measures are in place, processes are being followed, systems are functioning properly and everything is up to date.
Documented Security Policy
Contact centers need to maintain a formal data security policy that is followed at all times. This policy should be kept up to date and be readily available on request. A best practice is to cover every compliance program and certification the center is subject to, including PCI, GDPR, HIPAA, FIPPA, etc. A change management process should also be in place that records the risks of each change and documents the authorization for every system change.
Outstanding customer care is always the key to building customer loyalty, but what good is that if customers don’t trust a brand’s security from the start? Read our thought paper to learn more about how a strong data security program doesn’t just provide comfort and trust for partners and customers; it also helps secure safe growth in the future.
In our next blog, we’ll be talking about how large a role physical security plays in data protection and security programs.