Contact Center Cybersecurity 2021: Access Management More Important Than Ever
By: Juhi Fadia
Originally published in Customer Magazine
Whether a contact center is run by an enterprise, by an outsourcing partner, by a government agency, insurance company, healthcare provider, or non-profit organization, the platforms (voice, messaging, and increasingly video conferencing) are generating data every minute of every day.
Data security and privacy have long been essential to the success of contact centers, and safeguarding information ensures sustainability. Customers or patients will not tolerate organizations who fail to keep their personally identifiable information (PII) private and secure.
As we march toward 2021, after a tremendously challenging 2020 for all, but especially for contact centers who have been overwhelmed with calls and further pushed to the limit by having to move to work-from-home models, we caught up with Michael Fritzlo, Executive Chairman of Ironsphere, on the general trends for 2021 contact center IT improvements, and on the need to master and secure access given a much larger physical distribution of employees.
“Regulatory compliance in many ways has been relaxed during COVID – perhaps the greatest example is in healthcare and telemedicine, where HIPAA rules were not applied when millions of more patients needed to meet with doctors and nurses virtually, including over Skype or other public video platforms,” Fritzlo explained. As more telemedicine platforms are coming into the market, we expect regulations to be enforced and even strengthened, including HIPAA in the U.S., but across many other governments as well. Regulations and standards govern how you collect and use data. They also dictate the fines and penalties for not following the guidelines.”
Michael Fritzlo also referenced the PCI rule and SOC compliance. “We’ve seen massive attacks now, as adversaries take advantage of the crisis, so we expect to see the number of standards grow as the state and federal governments continue to work to protect consumers and their personally identifiable information.”
Authentication and authorization innovations are catching on, according to Fritzlo, who said, “Confirming consumers’ identities will become increasingly critical in 2021, and contact centers will need to authenticate and authorize people before discussing any financial or health information. While this process has been occurring to a certain degree already with simple checks like birthdates, or the final four digits of a Social Security number, we need to step up the game. As more information will be required to authenticate and authorize, more data is being generated, and the more data there is, the more tempting it becomes for an internal or external threat to grow.”
The benefits of proactive contact center security management solutions are obvious – and are turning IT teams into more proactive than reactive organizations. Without network security monitoring and troubleshooting tools in place, IT has limited impact as troubleshooting happens after the fact.
“Real-time monitoring is proactive,” Michael Fritzlo said. “From a data and analytics viewpoint, IT teams are able to solve problems immediately, and even predict problems by establishing user patterns. With the proper third-party tools to provide end-to-end visibility and analysis, IT can rapidly identify and resolve incidents before they become widespread and create serious productivity-impacting events, including internal threats, which may be posed by contact center agents tempted to cooperate with an adversary for financial gain or for other reasons.”
Fritzlo said, in the context of multi-application and multi-cloud environments, “Third-party monitoring tools give contact center operators unparalleled visibility into what’s happening in real-time or near real-time. It is very important that the IT team is able to assure network quality and connectivity – critical to cloud-based applications rising in importance given work-from-home mandates – and an internal misconfiguration by an unauthorized user can literally take entire contact centers down. So it is not just protecting the private information of end-users, but protecting the infrastructure itself.”
Cloud-based call center platforms often integrate with third-party platforms. It is a good capability—critical, in fact. By pooling data, agents have immediate and easy access to needed information about customers and patients. It also reduces data entry errors and hours of time and labor-intensive work.
Integrating APIs, however, poses a vulnerability: the outside applications. Security and privacy are often the weakest links, meaning that even if your cloud-based software is secure, it could be breached if a third-party platform is not. Accordingly, many contact centers are investing in solutions that monitor these “multi” environments.
“The stakes are higher than ever,” Fritzlo concluded. “In 2021, we will continue to face major challenges and risks, and cybersecurity attacks can cripple government agencies and businesses. For business continuity and to establish and maintain trust, a pillar of a quality security posture is found in Privileged Access Management. A unified platform for all components that make up a modern contact center means better security, to provide an unobstructed view into the infrastructure and application stack in order to monitor, detect and respond to threats quickly – not only to monitor but to automate and to get in front of potential disasters.”
The year of COVID-19 has been a nightmare on so many levels, with over a million dead globally, and nearly a quarter of those in the USA.read more
In an increasingly virtual, distributed, and remote working world, more people are relying on contact centers than ever before.read more
By November 30, 2020, certain U.S. Department of Defense (DoD) prime contractors and subcontractors will need to complete a cybersecurity self-assessment prior to receiving new DoD contracts and prior to the exercise of new options under existing DoD contracts. Additionally, DoD contractors will need to ensure that any subcontractors that receive Controlled Unclassified Information (CUI) have also completed the cybersecurity self-assessment.read more