Following a survey of contact centre agents worldwide, Semafone – the leading provider of data security and compliance solutions – has issued a warning to businesses with contact centres about the top five insider threats that are putting customer data at risk.
Semafone has produced a guide highlighting the individuals and scenarios that can act as a catalyst for a brand-damaging data breach. Originating both inside and outside a contact centre, the insider threats come in the form of individuals using bribery, coercion, social engineering and malware to get their hands on sensitive customer data. However, not all threats are malicious in nature; the guide illustrates that high-profile data breaches can also stem from simple instances of human error and agents accidentally exposing personally identifiable information (PII).
1. The Tempted Temp
Temporary agents, such as those hired to handle seasonal surges in call volumes, often have less loyalty to a company. Without the proper screening processes or clean room policies, these employees can easily steal sensitive information.
2. The Credulous Clicker
Even the most trustworthy employee can accidentally expose sensitive data. An agent may inadvertently click on a link or open an email attachment thinking it is from a customer, only to unleash a virus into the system, which steals customer data.
3. The Vengeful Victim
A disgruntled employee with a personal grudge against management can take advantage of an agent’s access to customer data, bribing them to share payment card details and other information.
4. The Hidden Hacker
Anyone with access to agents’ computers can steal sensitive data stored in the network. For example, a rogue IT support employee could insert a Remote Access Trojan, or “RAT” into a computer; this little piece of software allows the device to be accessed remotely, enabling the hacker to tap into customer data.
5. The Contract Cleaner
Anyone with access to the contact centre facility can get their hands on personally identifiable information (PII). For example, someone on a cleaning team is likely to have unrestricted access to the building. This makes it easy for them to access contact centre computers and use USB sticks to install software that captures detailed customer information.
Tim Critchley, Semafone CEO said,
“While these are just few examples of the types of fraudsters and cybercriminals that contact centres may encounter, it is more important than ever for organisations to protect themselves and their customers against potentially brand-damaging data breaches,”
“Of course, most employees are trustworthy people, but it only takes one rogue worker to expose or steal PII.”
“By removing as much sensitive PII as possible from business infrastructures, contact centres can reduce the risks associated with a detrimental, costly data breach,” Critchley added.
“They do not have to worry about outside hackers, third parties with fraudulent intentions, or even agents prone to honest mistakes. As we like to say at Semafone, ‘No one can hack the data you don’t hold.’”
Additional Information
To learn more about the threats to contact centre data security and how to mitigate them, download Semafone’s new eBook, “The flawed five: who’s threatening the security of your contact centre,” Click Here.
For additional information on Semafone visit their Website
