How to ensure the security of bank contact centers?

Information security is one of the highest-priority areas in any business, and in banking in particular. In most cases, however, the focus is on the bank's operational activities, that is, on the core business and the systems that keep it running.

 

How secure are the banks’ call centers?

 

According to the statistics, the banking sector accounts for the largest share of intentional data leaks compared to other industries. At the same time, across all segments, 53.5% of information leaks are caused by the company's own employees, 37.6% are due to the actions of intruders, and only 1.2% are the fault of system administrators.

 

The security of any call center is based on what rules are prescribed, how an employee behaves, and what they can or cannot do in work systems. However, not everything should be reduced to the so-called “human factor”. To fully protect the bank’s contact center, several other points need to be considered.

 

First, it is necessary to use security standards, which must be met without fail. Leading companies strive to build their system of standards based on the best practices and recognized international safety standards. It is crucial to pay special attention and choose one of the top call center companies that will communicate with the clients and strictly adhere to safety standards.

 

Secondly, a great risk is associated with potential fraud. In the case of a contact center, one of the main risks is possible criminal actions on the part of its employees, which must be eliminated at the recruitment stage, as well as with the help of strict rules of conduct at the workplace.

 

Thirdly, we must not forget about the technical risks. All the security measures that the standards require to minimize risk from a technical point of view need to be implemented. If some of the technical protection measures are implemented poorly, the resulting problem may be even more serious than possible fraud.

 

How can a contact center employee prevent the actions of scammers?

 

Authentication is a critical stage of any request to the contact center. As a rule, the contact center operator can verify in several ways that callers are who they claim to be. For example, the caller needs to give the passport number, code word, or other data known only to the account holder. These requirements should be formulated and written down. Every employee of the bank’s contact center should know the procedure and adhere to it.

 

Security issues are the responsibility not only of the Information Security department of the company but also of each employee of the contact center. Simple rules help to prevent information leakage or fraud attempts.

 

Selection of contact center operators

Recruitment to the bank’s contact center should be carried out in several stages, including interviews, requests for recommendations, and background checks. The bank's security service can be involved in recruitment and conduct its own checks.

 

Training in information security rules

Employees should know in practice how to respond to potential threats. For example, security systems can miss phishing emails, and an employee should be able to recognize the signs of such an attack. Motivate operators to communicate openly and report any suspicious actions. Create a hotline where employees can report suspicious activity. Conduct regular training for operators according to their access level and work responsibilities.

 

Clean Desktop Policy

The employee must leave all personal belongings outside the operating room, where the personal data of clients is processed. First of all, electronic devices, paper, writing materials, and any other media that can record, store and transmit data fall under the ban. This should be part of the corporate rules that define the boundaries of what can and cannot be done in the company.

 

Technical requirements

Contact center employees should not have access to information that they do not need for work, whether physically, through a browser, or on the computer's local disk. For example, if employees do not need to right-click for their work operations, their right mouse button should be blocked. If they do not need to open more than the two or three websites permitted for work, they should have access only to those.

 

 

Early threat detection

Security systems should monitor contact center employees for suspicious activity and promptly report it to the relevant services of the bank. Reports should be generated regularly from this monitoring and used to identify suspicious actions. In addition, the managers responsible for the project must constantly monitor employees and respond to suspicious activity on the spot. For example, if an employee does not need to open more than two or three sites for work, then surfing the Internet will be flagged as suspicious activity.
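The website restriction from the technical requirements and the monitoring rule above can be checked against web proxy logs. The following is an added example, not part of the original article: the log format, host names and operator IDs are constructed assumptions.

```python
"""Added example: flag contact-center browsing outside an approved site list."""
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the two or three sites operators need (hypothetical names).
ALLOWED_HOSTS = {"crm.bank.example", "kb.bank.example"}

# Constructed proxy log sample: "<ISO timestamp> <operator id> <URL>".
SAMPLE_LOG = """\
2024-05-06T09:00:12 op-017 https://crm.bank.example/customer/search
2024-05-06T09:03:40 op-017 https://kb.bank.example/articles/card-block
2024-05-06T09:05:02 op-022 https://webmail.example.org/compose
2024-05-06T09:05:55 op-022 https://crm.bank.example.files.example.net/upload
2024-05-06T09:07:31 op-022 https://CRM.bank.example./customer/export
this line is malformed
"""

def host_of(url):
    """Return the lower-cased hostname without a trailing dot, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def find_violations(log_text, allowed=ALLOWED_HOSTS):
    """Map operator id -> list of (timestamp, host) outside the allowlist.

    Hosts are compared exactly, so a look-alike such as
    crm.bank.example.files.example.net is not accepted by prefix.
    Unparseable lines are returned separately so they are not silently lost.
    """
    violations, unparsed = defaultdict(list), []
    for line in log_text.splitlines():
        parts = line.split()
        host = host_of(parts[2]) if len(parts) == 3 else None
        if host is None:
            unparsed.append(line)
        elif host not in allowed:
            violations[parts[1]].append((parts[0], host))
    return dict(violations), unparsed

if __name__ == "__main__":
    report, bad_lines = find_violations(SAMPLE_LOG)
    for operator, hits in sorted(report.items()):
        print(operator, len(hits), "off-list requests:", hits)
    print("unparsed lines:", bad_lines)
```

Exact host comparison matters here: matching on a prefix or substring would treat the look-alike host in the sample as approved.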

 

High safety standards

The security system should not be limited to security standards and IT systems. Additionally, it is necessary to conduct regular security checks: daily monitoring of IT systems, security policies, and employee access to data and programs. These checks help to gather information about operational processes and develop more effective security tools.

 

Compliance with all these rules will allow you to build a strong contact center security system. Of course, the bank can do this on its own, but it will require a lot of resources: time, people, and money. For some large banking organizations with a complex structure of internal interaction and a very long decision-making process, perhaps the best solution would be to outsource the operations of the contact center. When choosing a truly reliable partner, it may turn out that the level of security in outsourcing is higher than in a bank. For an external partner, this is the main activity, and they are ready to provide the service here and now with the level of security required by the bank.

 

In the bank’s contact center, it is especially important to understand the risks and improve the protection of all processes so that the client ends up receiving a comfortable service. When introducing new technologies, one should never forget that, first of all, they should be convenient for the user, that is, the bank’s client. Apart from all this, the most important thing is not to wait for a cyber attack. Simulate all possible situations in advance to be ready at the right moment. The more you do to prepare, the easier it will be to neutralize the attack.