It’s National Cybersecurity Month: Is Your Contact Center Vulnerable?

October is National Cybersecurity Awareness month here in the U.S., and it couldn’t come soon enough. Cyberthreats are rapidly increasing in both volume and sophistication, and the vast majority of organizations are unprepared to handle them. In a recent study, more than half of U.S. businesses claim they have experienced a cyberattack in the last year.

Now, you may think that cybercrime is a problem for the IT department. But make no mistake about it: Cybercrime is now an organizational concern. Every employee, regardless of his or her role, needs to be educated about the current cyberthreat landscape in order to effectively detect and defend against incoming attacks.

The contact center, in fact, is now one of the most heavily targeted areas of the enterprise. That’s because it’s often an easy entry point for fraudsters who are looking to worm their way into corporate networks. It’s much simpler, in other words, to phish for information from a customer service representative or spoof someone’s identity than to use traditional hacking tools and strategies.

Here are some common cybersecurity weaknesses that contact center administrators need to be aware of:

Uneducated end users: The email inbox is typically one of the most common targets for cybercriminals, who use them infect end user accounts with malware and gain entry into corporate networks. This is especially problematic in the contact center, where agents often communicate directly with customers — transmitting documents, and opening attachments. Employees need to be taught to recognize and stay away from suspicious-looking emails, as well as fake phone calls and text messages.

Internal threats: Contact centers are also at high risk for inside data breaches, from malevolent contact center agents who have access to sensitive data. This problem is especially hard to stop in large contact centers, where there it’s difficult to monitor agents and make sure they are following the rules. It’s important to protect databases with strong access controls, in order to prevent customer service agents from abusing their privileges and stealing data or selling network access information for their personal gain. It’s very important to do this with remote agents, especially when they operate from other countries.

Synthetic identity theft: Cybercriminals are now using stolen data from different individuals and using it to literally create new customer identities. This practice, which is often referred to as synthetic identity theft, has gotten much worse after the recent Equifax data breach which exposed the records of 143 million U.S. consumers. Last year, it is estimated that synthetic identity theft may have cost financial institutions more than $6 billion. Customer service agents need to be informed about this practice, so they know how to stop a fraudulent transaction when they suspect it.