Five Things You Need to Ask About Security When Choosing a Cloud Contact Center
In light of countless current events surrounding digital security—from the data breaches at Target and Home Depot to the hacking of iCloud that resulted in the theft of private celebrity pictures—the importance of securing corporate data top of mind for any organization considering a move to the cloud. Contact centers in particular must be keenly aware of and up to date on the tools available to ensure customer data security to avoid breaches. Your company could suffer irreparable damage if contact center Customer Relationship Management (CRM) systems get hacked at a point of weakness and private data is stolen.
Think about it. The contact center is arguably the public face of your business. It’s the part that’s most customer-facing. When your customers have questions or concerns, they call your agents, reveal their personal problems and associated private data and hope those agents can help solve their problems as quickly as possible.
Customers don’t call contact centers based on whether or not they’re safe; they assume that the data they give in order to correct issues with their accounts will be secure. Since customers put their trust in your contact centers, it’s up to you to keep that data safe.
Five questions to ask for a secure cloud contact center
A common concern for organizations moving their contact centers to the cloud is security. Ironically, due to the security tools available on cloud platforms, it’s not unusual for a cloud contact center to have more security controls than a brick-and-mortar one. If you’re looking for a cloud contact center provider to take care of your business’s particular needs, it’s imperative that you consider the security features available with respect to caller data, call recording and virtual agent desktops. As you begin your search, you’ll need to ask yourself the following five questions:
Are the data centers PCI compliant?
Secure contact center tools should be built with Payment Card Industry Data Security Standards (PCI DSS) and, if required, HIPAA compliance in mind. If you will be taking customer banking or credit card information, be sure to pick a solution with fully PCI compliant data centers. The certification requires heavy and ongoing tests and checks to ensure the highest level of data security. And even if you are not taking bank information but simply looking for a secure solution, PCI compliance ensures the highest level of data security.
Can the caller data be stored on premise?
Many organizations rule out the option of cloud due to security concerns. However, some cloud providers offer a hybrid cloud, in which most of the functionality is delivered as a cloud service, but the client CRM data and call recordings remained stored on the client’s premise for security.
What level of encryption is applied to call data? Is that encryption unique to the call?
Every call that comes into the contact center is an interaction chock full of private data, so be sure to investigate the level of encryption for call recording and screen capture. Every contact center must record calls, and some even implement video screen capture for quality assurance purposes. To ensure that those recordings aren’t vulnerable to hackers, ask what level of encryption is applied to the recordings. Does each call recording have a unique encryption code to prevent batch hacking, or do they all share the same encryption? And is the live call vulnerable, or does the provider offer on-the-fly encryption? Most solutions only encrypt the call after the caller hangs up, when the call is stored in the data center. However, some offer on the fly encryption for live calls as well. For the highest level of security, request at least AES 256-bit unique call encryption implemented on the fly and persisting through the life cycle of the call recording.
Are there automated options for inputting client data?
Since humans are often the weakest point in the security chain, some providers offer automation to collect sensitive caller data. For example, Spoken offers the Secure IVR for automated, PCI-compliant data collection.
How will the agent desktop be secured?
Virtual desktops allow remote agents to work from home, and fortunately, a number of safety measures are available to make them even more secure than desktops at brick-and-mortar locations. Ask about end point scanning, which verifies system compatibility and conducts a virus scan each time the agent logs in to the virtual desktop. Likewise, two-factor authentication is the industry standard for secure login. And some providers offer additional security features for virtual agent desktops, such as keyboard lockdown, which prohibits certain harmful key combinations (such as Print Screen), or “kiosk mode,” which strictly limits desktop functionality to the applications required to service clients. Determine which level of agent desktop security is right for your organization and select which security features are essential for your implementation.
When it comes to transitioning a contact center to the cloud, security is a key concern. However, the tools available to ensure data security are often more powerful than those available for on-premise solutions. Spoken offers a highly secure Contact Center as a Service (CCaaS) cloud with a hybrid option for storing call recordings and CRM data on premise, PCI Level One compliant data centers, AES 256-bit unique call encryption on the fly and additional features to secure agent desktops.
More questions about contact center security? Please don’t hesitate to reach out to us and bring us your security challenges!