Life’s A Breach Pt 2: Let’s Get Physical…Security
Not only are consumers becoming more aware of data security and when they are giving away their personal information, but they are also starting to avoid or altogether boycott brands if they feel their data is unsafe with them. In 2018, YouGov surveyed consumers globally, giving a clear snapshot of their sentiment:
- 72% believe they are more aware of security threats compared to five years ago
- 90% are concerned about their private information being lost, stolen or manipulated
- 78% actively limit the amount of personal information they put online or share with companies
- 41% intentionally falsify their personal information (phone numbers, birth dates and email addresses)
- 78% said that a company’s reputation around customer data protection made an impact on their buying decisions
- 50% of respondents are more likely to shop from a company that can prove it takes data protection seriously
- 69% would boycott a brand if it showed no regard for protecting customer data
These statistics prove that it is critical for brands who outsource to have full confidence in their BPO partners when it comes to data protection and security programs.
Let’s Get Physical…Security
When it comes to data breaches, devious hackers breaking into a network infrastructure normally come to mind. The truth is, many breaches stem from a lack of physical security. According to 2018 research conducted by Shred-it, more than 40% of businesses reported that employee negligence was the root cause of their most recent data security breach. That’s why it’s no surprise that there are specific PCI guidelines from a physical standpoint as well.
Swipe card readers and cameras are standard across contact centers, but these need to be complemented with audit and management processes through dedicated security roles. Access directories should be audited daily and updated immediately when an employee leaves.
Everyone across the organization should wear a badge at all times with proper identification. This distinguishes between employees and visitors. Employees should also be educated on the issue of tailgating – meaning an employee opens a locked door for someone without a proper badge.
One of the easiest ways to stay PCI compliant is to go paperless as much as possible, preventing the physical storage of sensitive details. Many contact centers ban any type of paper on the production floor altogether to combat this challenge.
Cell Phone Restrictions
An obvious (yet often overlooked) policy is to ban cell phones within the contact center, specifically on the production floor. This eliminates the potential for pictures or video recordings of sensitive information to be taken and shared externally.
Another important feature is to implement automatic locks for computers that have been left active for a specific amount of time. More importantly, make sure all employees understand that when they leave their computers unattended, they must lock them.
Training employees on creating strong passwords is important, including that they should never be written on sticky notes or saved in a file called “Passwords”. To help enforce proper management, companies may use applications that keep passwords secure in a “vault”, requiring a master password to access it.
Explain & Train
Data security is the responsibility of everyone within the contact center. That’s why there needs to be a plan in place to keep everyone across the organization informed and up-to-date.
Training should be carried out across the company on an ongoing basis to reinforce its importance. This means including it within new-hire orientation and providing monthly resources by email or published on an intranet.
Keep in mind that not everyone understands IT lingo. Remember to use simplified language when pushing out security information to keep everyone aligned and informed.
A best practice is to have an employee sign-off process in place to ensure that policies are read and understood. This also allows the security department to be aware of which departments are following procedures and which might not be.
There should always be an easy way for employees to reach out to the IT department if they are having security issues or need to flag suspicious activity, such as a designated email distro or chat tool.
Customers have more trust issues than ever before when it comes to data security. Read our thought paper to learn more about how a strong data security program provides comfort and trust for partners and customers, while also guaranteeing safe and secure growth in the future.