A+ A A-
Thursday, 18 April 2013 12:02

Recordings: the contact centre security hole

Recordings: the contact centre security hole

The management and security of contact centre recordings tends to be sorely neglected, says Karl Reed, Chief Marketing & Solutions Officer at Elingo.

Most contact centres record voice calls and interactions, but few manage and utilise the resulting data effectively.


In line with legislation, and to protect themselves in the event of customer complaints and queries, most companies have recording systems installed in their contact centres. However, in our experience, recording is not among the top priorities for contact centres, and tends to be a ‘grudge purchase’. This is a mistake.


Installing ‘cheap and nasty’ off the shelf recording tools simply to record and store conversations defeats the object of recording, and leaves gaping holes in enterprise security and risk management.


Business tends to overlook the importance of the confidential information captured in the recordings, as well as its potential strategic business value.


Recorded data from customer voice calls, emails, faxes and SMSes contains a great deal of personal information about clients and their transactions with the enterprise. The potential losses and reputational damage if this data should fall into the wrong hands is huge. While most systems do include some form of tamper record, recorded data is simply not treated with the same levels of security as other enterprise data. Too many contact centres are vague on how the data should be stored and even the length of time the recordings must be stored for – even though, by law, some must be kept for up to ten years.


As enterprises increasingly offer contractual transactions via various channels – including voice and email – the voice or electronic communication has become the binding contract, making security, storage and management of these recordings increasingly important. It is becoming critically important that all recordings are monitored for action points or potential problems, and that these are attended too quickly.


Besides the data security issues, there is business risk and customer retention to be considered. Recorded contact centre data contains vast amounts of valuable information about customer sentiment, potential customer losses and even about the abilities of the contact centre team.


If the recording is not quality managed and integrated into other enterprise systems, there is every chance it will simply be stored, burying valuable insights in a virtual vault. Without effectively using this recorded data, the enterprise is left to rely on the contact centre agent alone as the face of the company, responsible for interpreting sentiment and flagging any concerns. When an agent is managing hundreds of calls a day, they may not be effective in flagging problems and retaining customers.


However, with a quality management team in place to analyse calls, in addition to word spotting functionality and alerts built into the system, the contact centre is able to thoroughly analyse the interactions and respond in a proactive way.


As enterprises look to expand their insights into customer sentiment, they may be ignoring the reserves of information they already have access to. By managing these insights correctly, enterprises can reduce customer churn, grow their customer bases and even respond more timeously to market demand.


Some contact centres are becoming aware of the need to better manage interaction recordings, but may delay upgrading to high-end integrated systems due to the investment required. It’s necessary to consider the costs of not doing so; as well as the potential return on investment in a system that allows the contact centre to deliver better service, increased customer satisfaction and improved business practices. Business management needs to understand how critical it is to maximise the recorded data, to enable a complete, 360 degree view of the customer, for ultimate business success.


Recording needs to be a lot more than a tick in the box. Considering the risk mitigation and customer insight value it can deliver, the management and security of recordings of all transactions, correspondence and conversations needs to be taken seriously.

Published in Security
Friday, 09 November 2012 11:56

A multi-layered approach to protecting SMBs from Internet-based threats

A multi-layered approach to protecting SMBs from Internet-based threats

With the increased affordability of bandwidth and connectivity as well as availability of sophisticated solutions via service based models and the cloud, Small and Medium Businesses (SMBs) are more empowered than ever to truly compete on a global scale. But this same connectivity, while it enables more agile and more technologically advanced business, also opens up the business to a host of threats, with information security and data breaches being a top concern.


Even a single incident of theft of intellectual property, financial transaction data and even customer information can potentially ruin a business, and SMBs are increasingly exposed to a broad spectrum of Internet-based threats. Understanding what methods cybercriminals are using in an attempt to gain access to this information, and adopting a multi-layered approach towards protecting the business, are vital in ensuring SMB users do not fall victim to the latest security threats.


The first step in protection is to gain a thorough understanding of the threat landscape and the latest methods cybercriminals are using in an attempt to hack into systems and steal sensitive data. Attacks have become increasingly targeted over the past two years, and cybercriminals are now specifically targeting organisations using spear phishing attacks and customised malware. Employees themselves are also being targeted using social engineering and infected links on social media sites. This phenomenon is by no means limited to large enterprises, although these large data breaches are the ones that are typically more widely publicised. Education is critical in combating this threat, and users need to be aware in order to avoid suspicious emails, attachments from unknown sources, and links on social media. Users also need to take care what information they share on social media, as the wrong information in the wrong hands can wreak havoc.


Malware is not a new threat, but it is an area that still requires defending against. From emails to websites, malware continues to be a concern for the SMB, as many legitimate websites may have been compromised by malicious code which can infect the user’s machine. SMBs require strong endpoint protection, with traditional anti-virus and anti-malware capabilities as well as advanced technologies such as reputation protection, browser protection and website scanning tools.


Mobile devices are another area which needs to be considered. Smartphones and tablets enable greater productivity and a more mobile workforce, but are often forgotten when it comes to anti-virus, anti-malware and other protection software. However, cybercriminals are beginning to use these platforms as a carrier for malware, and without protection mobile devices can cause significant data breaches. Mobile vulnerabilities are on the increase, and malware directed at these tools can be used to track users and steal sensitive data. Internet security designed to protect mobile devices should be included in any SMB protection strategy to minimise exposure to risk.


Identity theft is another focus of the cybercrime underworld, and data breaches have become increasingly common, often as a result of lost or stolen devices. Data breaches cause multiple issues for businesses, not only in terms of financial damage but also damage to reputation and customer trust, something which is critical for SMBs. Data loss prevention technology can help to minimise the damage caused in the event of a data breach, and can also help to highlight business processes that need improvement.


Knowing what threats exist is vital, and using this information to develop a comprehensive security plan will help organisations to ensure that they are protected against a host of threats online. Protecting SMBs requires a multi-layered approach, along with multiple forms of protection, from endpoints to the network, including firewalls, intrusion detection and gateway antivirus solutions. Network monitoring is also critical to ensure that potential attacks can be identified before they even enter the network.


Intelligent security policies should also be implemented, including the requirement for confidential information to be encrypted. Use of portable file storage devices, including external hard drives, flash drives and even storage media on smartphones should be restricted to reduce the risk of unintentionally introducing malware onto devices and networks. Finally, security solutions and protection tools should always be kept up to date with the latest patches and virus definitions to ensure they are able to deal with emerging threats before they can cause problems.


Information is a business’ most critical asset, and SMBs are no different. This means that information must be protected to ensure that SMBs can continue to operate and thrive. Internet-based threats are an increasing problem, and the threat landscape continues to evolve. Education, comprehensive and intelligent policies and sophisticated protection solutions form the cornerstones of a multi-layered approach that will protect SMBs from Internet-based threats now and in the future.

Published in Security
It’s time to end the apathy about mobile device security

Are false promises from major vendors lulling South Africa’s IT community into apathy about mobile device security? There are increasingly worrying signs that this is exactly what may be happening.

CIOs and IT managers are well aware of the fact that the move towards “bring your own device” environments is radically changing the landscape. Everyone is reading the same articles and everyone says the issue is on their radar – but they’re relying on the mobile device management (MDM) provided by the major players like Microsoft, RIM, Juniper, SAP and all the others.

The problem is, if you’re Microsoft or SAP, mobile device management is not your core competence – and it shows. The MDM offerings currently on the market from the major players are just not in the same league as what’s available from specialists.

Are you prepared to bet the security of your IT environment on a project that’s anything less than the best in its class?

The risks are not small. If I was a hacker with an interest in corporate espionage, I’d be spending a lot of my time right now in airport lounges and restaurants where senior executives hang out. It’s so easy to set up a smartphone as a WiFi hotspot that a lot of people are doing it -- with no thought about security. But just one unsecured hotspot could give the hacker high-level access to the entire corporate network.

To complicate things, it’s the most senior employees who are most likely to be bringing in their own devices, against the wishes of the IT department. These are also the people have access to the most sensitive information -- how many of them have downloaded board packs to their iPads?

Gartner has specifically warned that hackers are now targeting smartphones and tablets – and traditional security solutions are wholly inadequate to the task of securing them. You need a dedicated mobile device management solution.

There’s no point in waiting for “market consolidation” either – the other line we hear frequently. The truth is, the market is already consolidated and the leaders are clear. A quick comparison of last year’s Gartner Magic Quadrant with this year’s will confirm this.

The real tragedy is that until the mobile device environment is secure, you can’t even begin to explore all the new possibilities this change opens up. There are many wonderful applications out there that can truly increase productivity and competitive advantage – but until you know that cool videoconferencing app for smartphones won’t be exposing your entire network, using it is not worth the risk.

Published in Mobile
Thursday, 02 August 2012 10:09

Securing the Mobile Enterprise

Securing the Mobile Enterprise

Mobile devices have infiltrated nearly every aspect of people's lives. The amount of personal and corporate data stored on these devices, makes securing the information on the device a priority. A survey conducted in January 2012 by Dimensional Research explored the impact of mobile devices on information security in corporate environments, noting that 94 percent of companies have seen an increased number of personal mobile devices, such as smartphones or tablets, connecting to corporate networks. Increased employee productivity and mobility are the main benefits for organisations that allow these devices in the workplace, but those benefits come with their own set of risks.

The threats associated with mobile devices can come in many forms, including:

  • Mobile operating system – Every OS, including Android, iOS, BlackBerry and Windows, comes with their own set of security challenges. Threats can originate from mobile apps, the mobile browser, as well as insecure Bluetooth and Wi-Fi hotspot usage.
  • Employees – that the lack of security awareness amongst employees is often the leading factor impacting the security of mobile data. Many employees simply aren't aware of the mobile security risks and corporate policies associated with mobile devices, such as storing corporate data, customer information or access to business applications.
  • Personal mobile devices – The consumerisation of IT brings forth another layer of complexity as more employees want to leverage their personal mobile device for business purposes. While companies begin to accept the "BYOD" (Bring Your Own Device) trend, there are significant concerns about the privacy of sensitive data stored on the devices that IT must handle.

The first step businesses should consider when safeguarding against these security challenges is developing and enforce best practices and corporate policies for the mobile enterprise. This should include a list of approved devices that can access corporate data, the types of data that can be stored on mobile devices and taken out of a corporate environment, which types of mobile apps can be downloaded onto devices, procedure for theft or loss of a device, a routine for updating operating systems patches, requiring mobile passwords, as well as having the capability to wipe a lost or stolen device.

Mobile device usage in the workplace is a trend that has staying power because it un-tethers employees from their offices, allowing them to work more efficiently while on the go. As with any emerging trend, organisations will need to be careful about striking the right balance between mobility that empowers employees and the new security concerns that arise from it.

Published in Security
Copyright © 2014 gdmc (Geoffrey Dean Marketing Corporation cc). All rights reserved. Material may not be published or reproduced in any form without prior written permission. Use of this site constitutes acceptance of our Terms & Conditions and Privacy Policy. External links are provided for reference purposes. SALeader.co.za is not responsible for the content of external Internet sites.

Login or Subscribe